From a7be91453b651c769e35c823a03e1b9325952c59 Mon Sep 17 00:00:00 2001
From: Steven Hardy
Date: Wed, 11 Sep 2024 11:46:57 +0100
Subject: [PATCH] new chart wip
---
 .../chart/Chart.yaml | 7 +
 .../chart/templates/airgap-cm-core.yaml | 46 +
 .../chart/templates/airgap-cm-metal3.yaml | 4382 ++++++++++++++++
 .../templates/airgap-cm-rke2-bootstrap.yaml | 2740 ++++++++++
 .../airgap-cm-rke2-control-plane.yaml | 4497 +++++++++++++++++
 .../package.yaml | 2 +
 scripts/turtles_airgap_cms.sh | 7 +-
 7 files changed, 11675 insertions(+), 6 deletions(-)
 create mode 100644 packages/rancher-turtles-airgap-resources/chart/Chart.yaml
 create mode 100644 packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-core.yaml
 create mode 100644 packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-metal3.yaml
 create mode 100644 packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-rke2-bootstrap.yaml
 create mode 100644 packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-rke2-control-plane.yaml
 create mode 100644 packages/rancher-turtles-airgap-resources/package.yaml
diff --git a/packages/rancher-turtles-airgap-resources/chart/Chart.yaml b/packages/rancher-turtles-airgap-resources/chart/Chart.yaml
new file mode 100644
index 00000000..742b0bd1
--- /dev/null
+++ b/packages/rancher-turtles-airgap-resources/chart/Chart.yaml
@@ -0,0 +1,7 @@
+appVersion: 0.11.0
+description: Rancher Turtles utility chart for airgap scenarios
+home: https://github.com/rancher/turtles/
+icon: https://raw.githubusercontent.com/rancher/turtles/main/logos/capi.svg
+name: rancher-turtles-airgap-resources
+type: application
+version: 0.2.0
diff --git a/packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-core.yaml b/packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-core.yaml
new file mode 100644
index 00000000..c7ae6030
--- /dev/null
+++ b/packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-core.yaml
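Review bot: The new Chart.yaml has no `apiVersion` field, which Helm 3 checks for when it loads a chart; since the file already sets `type: application`, a field that belongs to the v2 chart format, I would add `apiVersion: v2` as its first line unless the packaging scripts are known to inject it. Quoting the value as `appVersion: "0.11.0"` would also keep it a string if a later version has only one dot. The `icon` URL points at the `main` branch of an external host, which is a mutable reference and will not resolve in the air-gapped installs this chart is described as serving; a tag- or commit-pinned URL would be steadier.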
@@ -0,0 +1,46 @@
+apiVersion: v1
+binaryData:
+ components: 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
+data:
+ metadata: |
+ # maps release series of major.minor to cluster-api contract version
+ # the contract version may change between minor or major versions, but *not*
+ # between patch versions.
+ #
+ # update this file only when a new major or minor version is released
+ apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3
+ kind: Metadata
+ releaseSeries:
+ - major: 1
+ minor: 7
+ contract: v1beta1
+ - major: 1
+ minor: 6
+ contract: v1beta1
+ - major: 1
+ minor: 5
+ contract: v1beta1
+ - major: 1
+ minor: 4
+ contract: v1beta1
+ - major: 1
+ minor: 3
+ contract: v1beta1
+ - major: 1
+ minor: 2
+ contract: v1beta1
+ - major: 1
+ minor: 1
+ contract: v1beta1
+ - major: 1
+ minor: 0
+ contract: v1beta1
+kind: ConfigMap
+metadata:
+ creationTimestamp: null
+ name: v1.7.5
+ namespace: capi-system
+ annotations:
+ provider.cluster.x-k8s.io/compressed: "true"
+ labels:
+ provider-components: core
diff --git a/packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-metal3.yaml b/packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-metal3.yaml
new file mode 100644
index 00000000..104d2ecc
--- /dev/null
+++ b/packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-metal3.yaml
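Review bot: The `components` value under `binaryData` in airgap-cm-core.yaml is a compressed payload (per the `provider.cluster.x-k8s.io/compressed: "true"` annotation) that cannot be read in review, yet it is presumably what gets applied to the management cluster as the core provider manifests. Nothing in the file records which upstream artifact it was built from or a digest to check it against, so a stale or altered payload would look the same in a diff. I would add a header comment along the lines of `# generated by scripts/turtles_airgap_cms.sh from the cluster-api v1.7.5 release; sha256 of the uncompressed components: <SHA256_PLACEHOLDER>` (assuming that script is the generator) and have CI regenerate the ConfigMap and fail on drift. Separately, `namespace: capi-system` is hard-coded, so the install depends on that namespace already existing, and `creationTimestamp: null` looks like leftover generator output that can be dropped.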
@@ -0,0 +1,4382 @@ +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + pod-security.kubernetes.io/enforce: restricted + name: capm3-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1alpha2: v1alpha2 + cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 + cluster.x-k8s.io/v1alpha4: v1alpha5 + cluster.x-k8s.io/v1beta1: v1beta1 + name: ipaddresses.ipam.metal3.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: ipam-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.metal3.io + names: + categories: + - metal3 + kind: IPAddress + listKind: IPAddressList + plural: ipaddresses + shortNames: + - ipa + - ipaddress + - m3ipa + - m3ipaddress + - m3ipaddresses + - metal3ipa + - metal3ipaddress + - metal3ipaddresses + singular: ipaddress + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3IPAddress + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPAddress is the Schema for the ipaddresses API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPAddressSpec defines the desired state of IPAddress. + properties: + address: + description: Address contains the IP address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + claim: + description: Claim points to the object the IPClaim was created for. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + dnsServers: + description: DNSServers is the list of dns servers + items: + description: IPAddress is used for validation of an IP address. 
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + gateway: + description: Gateway is the gateway ip address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + pool: + description: Pool is the IPPool this was generated from. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + prefix: + description: Prefix is the mask of the network as integer (max 128) + maximum: 128 + type: integer + required: + - address + - claim + - pool + type: object + type: object + served: true + storage: true + subresources: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1alpha2: v1alpha2 + cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 + cluster.x-k8s.io/v1alpha4: v1alpha5 + cluster.x-k8s.io/v1beta1: v1beta1 + name: ipclaims.ipam.metal3.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: ipam-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.metal3.io + names: + categories: + - cluster-api + kind: IPClaim + listKind: IPClaimList + plural: ipclaims + shortNames: 
+ - ipc + - ipclaim + - m3ipc + - m3ipclaim + - m3ipclaims + - metal3ipc + - metal3ipclaim + - metal3ipclaims + singular: ipclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3IPClaim + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPClaim is the Schema for the ipclaims API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPClaimSpec defines the desired state of IPClaim. + properties: + pool: + description: Pool is the IPPool this was generated from. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - pool + type: object + status: + description: IPClaimStatus defines the observed state of IPClaim. + properties: + address: + description: Address is the IPAddress that was generated for this + claim. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. 
TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + errorMessage: + description: ErrorMessage contains the error message + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1alpha2: v1alpha2 + cluster.x-k8s.io/v1alpha3: v1alpha3_v1alpha4 + cluster.x-k8s.io/v1alpha4: v1alpha5 + cluster.x-k8s.io/v1beta1: v1beta1 + name: ippools.ipam.metal3.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: ipam-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: ipam.metal3.io + names: + categories: + - cluster-api + kind: IPPool + listKind: IPPoolList + plural: 
ippools + shortNames: + - ipp + - ippool + - m3ipp + - m3ippool + - m3ippools + - metal3ipp + - metal3ippool + - metal3ippools + singular: ippool + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this template belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Time duration since creation of Metal3IPPool + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: IPPool is the Schema for the ippools API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: IPPoolSpec defines the desired state of IPPool. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + type: string + dnsServers: + description: DNSServers is the list of dns servers + items: + description: IPAddress is used for validation of an IP address. 
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + gateway: + description: Gateway is the gateway ip address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + namePrefix: + description: namePrefix is the prefix used to generate the IPAddress + object names + minLength: 1 + type: string + pools: + description: Pools contains the list of IP addresses pools + items: + description: MetaDataIPAddress contains the info to render th ip + address. It is IP-version agnostic. + properties: + dnsServers: + description: DNSServers is the list of dns servers + items: + description: IPAddress is used for validation of an IP address. 
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + end: + description: End is the last IP address that can be rendered. + It is used as a validation that the rendered IP is in bound. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + gateway: + description: Gateway is the gateway ip address + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + prefix: + description: Prefix is the mask of the network as integer (max + 128) + maximum: 128 + type: integer + start: + description: Start is the first ip address that can be rendered + pattern: 
((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + subnet: + description: Subnet is used to validate that the rendered IP + is in bounds. In case the Start value is not given, it is + derived from the subnet ip incremented by 1 (`192.168.0.1` + for `192.168.0.0/24`) + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))/([0-9]|[1-2][0-9]|3[0-2])$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))/([0-9]|[0-9][0-9]|1[0-1][0-9]|12[0-8])$)) + type: string + type: object + type: array + preAllocations: + additionalProperties: + description: IPAddress is used for validation of an IP address. 
+ pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + description: PreAllocations contains the preallocated IP addresses + type: object + prefix: + description: Prefix is the mask of the network as integer (max 128) + maximum: 128 + type: integer + required: + - namePrefix + type: object + status: + description: IPPoolStatus defines the observed state of IPPool. + properties: + indexes: + additionalProperties: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + description: Allocations contains the map of objects and IP addresses + they have + type: object + lastUpdated: + description: LastUpdated identifies when this status was last observed. 
+ format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3clusters.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3Cluster + listKind: Metal3ClusterList + plural: metal3clusters + shortNames: + - m3c + - m3cluster + - m3clusters + - metal3c + - metal3cluster + singular: metal3cluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3Cluster + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: metal3Cluster is Ready + jsonPath: .status.ready + name: Ready + type: string + - description: Most recent error + jsonPath: .status.failureReason + name: Error + type: string + - description: Cluster to which this BMCluster belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Control plane endpoint + jsonPath: .spec.controlPlaneEndpoint + name: Endpoint + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3Cluster is the Schema for the metal3clusters API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3ClusterSpec defines the desired state of Metal3Cluster. + properties: + controlPlaneEndpoint: + description: ControlPlaneEndpoint represents the endpoint used to + communicate with the control plane. + properties: + host: + description: Host is the hostname on which the API server is serving. + type: string + port: + description: Port is the port on which the API server is serving. + type: integer + required: + - host + - port + type: object + noCloudProvider: + description: Determines if the cluster is not to be deployed with + an external cloud provider. If set to true, CAPM3 will use node + labels to set providerID on the kubernetes nodes. If set to false, + providerID is set on nodes by other entities and CAPM3 uses the + value of the providerID on the m3m resource. + type: boolean + type: object + status: + description: Metal3ClusterStatus defines the observed state of Metal3Cluster. + properties: + conditions: + description: Conditions defines current service state of the Metal3Cluster. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. 
+ format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. + type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: FailureMessage indicates that there is a fatal problem + reconciling the state, and will be set to a descriptive error message. + type: string + failureReason: + description: FailureReason indicates that there is a fatal problem + reconciling the state, and will be set to a token value suitable + for programmatic interpretation. + type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + ready: + description: Ready denotes that the Metal3 cluster (infrastructure) + is ready. In Baremetal case, it does not mean anything for now as + no infrastructure steps need to be performed. Required by Cluster + API. Set to True by the metal3Cluster controller after creation. 
+ type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3dataclaims.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3DataClaim + listKind: Metal3DataClaimList + plural: metal3dataclaims + shortNames: + - m3dc + - m3dataclaim + - m3dataclaims + - metal3dc + - metal3dataclaim + singular: metal3dataclaim + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3DataClaim + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3DataClaim is the Schema for the metal3datas API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3DataClaimSpec defines the desired state of Metal3DataClaim. + properties: + template: + description: Template is the Metal3DataTemplate this was generated + for. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + required: + - template + type: object + status: + description: Metal3DataClaimStatus defines the observed state of Metal3DataClaim. + properties: + errorMessage: + description: ErrorMessage contains the error message + type: string + renderedData: + description: RenderedData references the Metal3Data when ready + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + clusterctl.cluster.x-k8s.io/skip-crd-name-preflight-check: "" + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3datas.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3Data + listKind: Metal3DataList + plural: metal3datas + shortNames: + - m3d + - m3data + - m3datas + - metal3d + - metal3data + singular: metal3data + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3Data + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3Data is the Schema for the metal3datas API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3DataSpec defines the desired state of Metal3Data. + properties: + claim: + description: DataClaim points to the Metal3DataClaim the Metal3Data + was created for. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + index: + description: Index stores the index value of this instance in the + Metal3DataTemplate. + type: integer + metaData: + description: MetaData points to the rendered MetaData secret. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + networkData: + description: NetworkData points to the rendered NetworkData secret. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + template: + description: DataTemplate is the Metal3DataTemplate this was generated + from. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + templateReference: + description: TemplateReference refers to the Template the Metal3MachineTemplate + refers to. It can be matched against the key or it may also point + to the name of the template Metal3Data refers to + type: string + required: + - claim + - template + type: object + status: + description: Metal3DataStatus defines the observed state of Metal3Data. 
+ properties: + errorMessage: + description: ErrorMessage contains the error message + type: string + ready: + description: Ready is a flag set to True if the secrets were rendered + properly + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3datatemplates.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3DataTemplate + listKind: Metal3DataTemplateList + plural: metal3datatemplates + shortNames: + - m3dt + - m3datatemplate + - m3datatemplates + - metal3dt + - metal3datatemplate + singular: metal3datatemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Cluster to which this template belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + type: string + - description: Time duration since creation of Metal3DataTemplate + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3DataTemplate is the Schema for the metal3datatemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3DataTemplateSpec defines the desired state of Metal3DataTemplate. + properties: + clusterName: + description: ClusterName is the name of the Cluster this object belongs + to. + minLength: 1 + type: string + metaData: + description: MetaData contains the information needed to generate + the metadata secret + properties: + dnsServersFromIPPool: + description: DNSServersFromPool is the list of metadata items + to be rendered as dns servers. + items: + properties: + apiGroup: + description: APIGroup is the api group of the IP pool. + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + kind: + description: Kind is the kind of the IP pool + type: string + name: + description: Name is the name of the IP pool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - apiGroup + - key + - kind + - name + type: object + type: array + fromAnnotations: + description: FromAnnotations is the list of metadata items to + be fetched from object Annotations + items: + description: MetaDataFromAnnotation contains the information + to fetch an annotation content, if the label does not exist, + it is rendered as empty string. 
+ properties: + annotation: + description: Annotation is the key of the Annotation to + fetch + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + object: + description: Object is the type of the object from which + we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - annotation + - key + - object + type: object + type: array + fromHostInterfaces: + description: FromHostInterfaces is the list of metadata items + to be rendered as MAC addresses of the host interfaces. + items: + description: MetaDataHostInterface contains the information + to render the object name. + properties: + interface: + description: Interface is the name of the interface in the + BareMetalHost Status Hardware Details list of interfaces + from which to fetch the MAC address. + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + required: + - interface + - key + type: object + type: array + fromLabels: + description: FromLabels is the list of metadata items to be fetched + from object labels + items: + description: MetaDataFromLabel contains the information to fetch + a label content, if the label does not exist, it is rendered + as empty string. + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + label: + description: Label is the key of the label to fetch + type: string + object: + description: Object is the type of the object from which + we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - key + - label + - object + type: object + type: array + gatewaysFromIPPool: + description: GatewaysFromPool is the list of metadata items to + be rendered as gateway addresses. + items: + properties: + apiGroup: + description: APIGroup is the api group of the IP pool. 
+ type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + kind: + description: Kind is the kind of the IP pool + type: string + name: + description: Name is the name of the IP pool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - apiGroup + - key + - kind + - name + type: object + type: array + indexes: + description: Indexes is the list of metadata items to be rendered + from the index of the Metal3Data + items: + description: MetaDataIndex contains the information to render + the index. + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + offset: + description: Offset is the offset to apply to the index + when rendering it + type: integer + prefix: + description: Prefix is the prefix string + type: string + step: + default: 1 + description: Step is the multiplier of the index + type: integer + suffix: + description: Suffix is the suffix string + type: string + required: + - key + type: object + type: array + ipAddressesFromIPPool: + description: IPAddressesFromPool is the list of metadata items + to be rendered as ip addresses. + items: + properties: + apiGroup: + description: APIGroup is the api group of the IP pool. + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + kind: + description: Kind is the kind of the IP pool + type: string + name: + description: Name is the name of the IP pool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - apiGroup + - key + - kind + - name + type: object + type: array + namespaces: + description: Namespaces is the list of metadata items to be rendered + from the namespace + items: + description: MetaDataNamespace contains the information to render + the namespace. 
+ properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + required: + - key + type: object + type: array + objectNames: + description: ObjectNames is the list of metadata items to be rendered + from the name of objects. + items: + description: MetaDataObjectName contains the information to + render the object name. + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + object: + description: Object is the type of the object from which + we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - key + - object + type: object + type: array + prefixesFromIPPool: + description: PrefixesFromPool is the list of metadata items to + be rendered as network prefixes. + items: + properties: + apiGroup: + description: APIGroup is the api group of the IP pool. + type: string + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + kind: + description: Kind is the kind of the IP pool + type: string + name: + description: Name is the name of the IP pool used to fetch + the value to set in the metadata map for cloud-init + type: string + required: + - apiGroup + - key + - kind + - name + type: object + type: array + strings: + description: Strings is the list of metadata items to be rendered + from strings + items: + description: MetaDataString contains the information to render + the string. + properties: + key: + description: Key will be used as the key to set in the metadata + map for cloud-init + type: string + value: + description: Value is the string to render. 
+ type: string + required: + - key + - value + type: object + type: array + type: object + networkData: + description: NetworkData contains the information needed to generate + the networkdata secret + properties: + links: + description: Links is a structure containing lists of different + types objects + properties: + bonds: + description: Bonds contains a list of Bond links + items: + description: NetworkDataLinkBond represents a bond link + object. + properties: + bondLinks: + description: BondLinks is the list of links that are + part of the bond. + items: + type: string + type: array + bondMode: + description: BondMode is the mode of bond used. It can + be one of balance-rr, active-backup, balance-xor, + broadcast, balance-tlb, balance-alb, 802.3ad + enum: + - balance-rr + - active-backup + - balance-xor + - broadcast + - balance-tlb + - balance-alb + - 802.3ad + type: string + bondXmitHashPolicy: + description: Selects the transmit hash policy used for + port selection in balance-xor and 802.3ad modes + enum: + - layer2 + - layer3+4 + - layer2+3 + type: string + id: + description: Id is the ID of the interface (used for + naming) + type: string + macAddress: + description: MACAddress is the MAC address of the interface, + containing the object used to render it. 
+ properties: + fromAnnotation: + description: FromAnnotation references an object + Annotation to retrieve the MAC address from + properties: + annotation: + description: Annotation is the key of the Annotation + to fetch + type: string + object: + description: Object is the type of the object + from which we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - annotation + - object + type: object + fromHostInterface: + description: FromHostInterface contains the name + of the interface in the BareMetalHost Introspection + details from which to fetch the MAC address + type: string + string: + description: String contains the MAC address given + as a string + type: string + type: object + mtu: + default: 1500 + description: MTU is the MTU of the interface + maximum: 9000 + type: integer + required: + - bondMode + - id + - macAddress + type: object + type: array + ethernets: + description: Ethernets contains a list of Ethernet links + items: + description: NetworkDataLinkEthernet represents an ethernet + link object. + properties: + id: + description: Id is the ID of the interface (used for + naming) + type: string + macAddress: + description: MACAddress is the MAC address of the interface, + containing the object used to render it. 
+ properties: + fromAnnotation: + description: FromAnnotation references an object + Annotation to retrieve the MAC address from + properties: + annotation: + description: Annotation is the key of the Annotation + to fetch + type: string + object: + description: Object is the type of the object + from which we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - annotation + - object + type: object + fromHostInterface: + description: FromHostInterface contains the name + of the interface in the BareMetalHost Introspection + details from which to fetch the MAC address + type: string + string: + description: String contains the MAC address given + as a string + type: string + type: object + mtu: + default: 1500 + description: MTU is the MTU of the interface + maximum: 9000 + type: integer + type: + description: 'Type is the type of the ethernet link. + It can be one of: bridge, dvs, hw_veb, hyperv, ovs, + tap, vhostuser, vif, phy' + enum: + - bridge + - dvs + - hw_veb + - hyperv + - ovs + - tap + - vhostuser + - vif + - phy + type: string + required: + - id + - macAddress + - type + type: object + type: array + vlans: + description: Vlans contains a list of Vlan links + items: + description: NetworkDataLinkVlan represents a vlan link + object. + properties: + id: + description: Id is the ID of the interface (used for + naming) + type: string + macAddress: + description: MACAddress is the MAC address of the interface, + containing the object used to render it. 
+ properties: + fromAnnotation: + description: FromAnnotation references an object + Annotation to retrieve the MAC address from + properties: + annotation: + description: Annotation is the key of the Annotation + to fetch + type: string + object: + description: Object is the type of the object + from which we retrieve the name + enum: + - machine + - metal3machine + - baremetalhost + type: string + required: + - annotation + - object + type: object + fromHostInterface: + description: FromHostInterface contains the name + of the interface in the BareMetalHost Introspection + details from which to fetch the MAC address + type: string + string: + description: String contains the MAC address given + as a string + type: string + type: object + mtu: + default: 1500 + description: MTU is the MTU of the interface + maximum: 9000 + type: integer + vlanID: + description: VlanID is the Vlan ID + maximum: 4096 + type: integer + vlanLink: + description: VlanLink is the name of the link on which + the vlan should be added + type: string + required: + - id + - macAddress + - vlanID + - vlanLink + type: object + type: array + type: object + networks: + description: Networks is a structure containing lists of different + types objects + properties: + ipv4: + description: IPv4 contains a list of IPv4 static allocations + items: + description: NetworkDataIPv4 represents an ipv4 static network + object. + properties: + fromPoolRef: + description: FromPoolRef is a reference to a IP pool + to allocate an address from. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. 
+ type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + id: + description: ID is the network ID (name) + type: string + ipAddressFromIPPool: + description: IPAddressFromIPPool contains the name of + the IP pool to use to get an ip address + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv4 routes + items: + description: NetworkDataRoutev4 represents an ipv4 + route object. + properties: + gateway: + description: Gateway is the IPv4 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: object + network: + description: Network is the IPv4 network address + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 32) + maximum: 32 + type: integer + services: + description: Services is a list of IPv4 services + properties: + dns: + description: DNS is a list of IPv4 DNS services + items: + description: IPAddressv4 is used for validation + of an IPv6 address. 
+ pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + ipv4DHCP: + description: IPv4 contains a list of IPv4 DHCP allocations + items: + description: NetworkDataIPv4DHCP represents an ipv4 DHCP + network object. + properties: + id: + description: ID is the network ID (name) + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv4 routes + items: + description: NetworkDataRoutev4 represents an ipv4 + route object. + properties: + gateway: + description: Gateway is the IPv4 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: object + network: + description: Network is the IPv4 network address + pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 32) + maximum: 32 + type: integer + services: + description: Services is a list of IPv4 services + properties: + dns: + description: DNS is a list of IPv4 DNS services + items: + description: IPAddressv4 is used for validation + of an IPv6 address. 
+ pattern: ^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + ipv6: + description: IPv4 contains a list of IPv6 static allocations + items: + description: NetworkDataIPv6 represents an ipv6 static network + object. + properties: + fromPoolRef: + description: FromPoolRef is a reference to a IP pool + to allocate an address from. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced. If APIGroup is not specified, + the specified Kind must be in the core API group. + For any other third-party types, APIGroup is required. + type: string + kind: + description: Kind is the type of resource being + referenced + type: string + name: + description: Name is the name of resource being + referenced + type: string + required: + - kind + - name + type: object + x-kubernetes-map-type: atomic + id: + description: ID is the network ID (name) + type: string + ipAddressFromIPPool: + description: IPAddressFromIPPool contains the name of + the IPPool to use to get an ip address + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv6 routes + items: + description: NetworkDataRoutev6 represents an ipv6 + route object. 
+ properties: + gateway: + description: Gateway is the IPv6 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: object + network: + description: Network is the IPv6 network address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 128) + maximum: 128 + type: integer + services: + description: Services is a list of IPv6 services + properties: + dns: + description: DNS is a list of IPv6 DNS services + items: + description: IPAddressv6 is used for validation + of an IPv6 address. 
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - ipAddressFromIPPool + - link + type: object + type: array + ipv6DHCP: + description: IPv4 contains a list of IPv6 DHCP allocations + items: + description: NetworkDataIPv6DHCP represents an ipv6 DHCP + network object. + properties: + id: + description: ID is the network ID (name) + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv6 routes + items: + description: NetworkDataRoutev6 represents an ipv6 + route object. 
+ properties: + gateway: + description: Gateway is the IPv6 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: object + network: + description: Network is the IPv6 network address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 128) + maximum: 128 + type: integer + services: + description: Services is a list of IPv6 services + properties: + dns: + description: DNS is a list of IPv6 DNS services + items: + description: IPAddressv6 is used for validation + of an IPv6 address. 
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + ipv6SLAAC: + description: IPv4 contains a list of IPv6 SLAAC allocations + items: + description: NetworkDataIPv6DHCP represents an ipv6 DHCP + network object. + properties: + id: + description: ID is the network ID (name) + type: string + link: + description: Link is the link on which the network applies + type: string + routes: + description: Routes contains a list of IPv6 routes + items: + description: NetworkDataRoutev6 represents an ipv6 + route object. 
+ properties: + gateway: + description: Gateway is the IPv6 address of the + gateway + properties: + fromIPPool: + description: FromIPPool is the name of the + IPPool to fetch the gateway from + type: string + string: + description: String is the gateway given as + a string + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: object + network: + description: Network is the IPv6 network address + pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + prefix: + description: Prefix is the mask of the network + as integer (max 128) + maximum: 128 + type: integer + services: + description: Services is a list of IPv6 services + properties: + dns: + description: DNS is a list of IPv6 DNS services + items: + description: IPAddressv6 is used for validation + of an IPv6 address. 
+ pattern: ^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$ + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of + the IPPool from which to get the DNS servers + type: string + type: object + required: + - gateway + - network + type: object + type: array + required: + - id + - link + type: object + type: array + type: object + services: + description: Services is a structure containing lists of different + types objects + properties: + dns: + description: DNS is a list of DNS services + items: + description: IPAddress is used for validation of an IP address. + pattern: ((^((([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5]))$)|(^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:))$)) + type: string + type: array + dnsFromIPPool: + description: DNSFromIPPool is the name of the IPPool from + which to get the DNS servers + type: string + type: object + type: object + templateReference: + description: TemplateReference refers to the Template the Metal3MachineTemplate + refers to. 
It can be matched against the key or it may also point + to the name of the template Metal3Data refers to + type: string + required: + - clusterName + type: object + status: + description: Metal3DataTemplateStatus defines the observed state of Metal3DataTemplate. + properties: + indexes: + additionalProperties: + type: integer + description: Indexes contains the map of Metal3Machine and index used + type: object + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3machines.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3Machine + listKind: Metal3MachineList + plural: metal3machines + shortNames: + - m3m + - m3machine + - m3machines + - metal3m + - metal3machine + singular: metal3machine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3Machine + jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Provider ID + jsonPath: .spec.providerID + name: ProviderID + type: string + - description: metal3machine is Ready + jsonPath: .status.ready + name: Ready + type: string + - description: Cluster to which this M3Machine belongs + jsonPath: .metadata.labels.cluster\.x-k8s\.io/cluster-name + name: Cluster + 
type: string + - description: metal3machine current phase + jsonPath: .status.phase + name: Phase + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3Machine is the Schema for the metal3machines API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3MachineSpec defines the desired state of Metal3Machine. + properties: + automatedCleaningMode: + description: When set to disabled, automated cleaning of host disks + will be skipped during provisioning and deprovisioning. + enum: + - metadata + - disabled + type: string + dataTemplate: + description: MetadataTemplate is a reference to a Metal3DataTemplate + object containing a template of metadata to be rendered. Metadata + keys defined in the metadataTemplate take precedence over keys defined + in metadata field. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + hostSelector: + description: HostSelector specifies matching criteria for labels on + BareMetalHosts. This is used to limit the set of BareMetalHost objects + considered for claiming for a metal3machine. + properties: + matchExpressions: + description: Label match expressions that must be true on a chosen + BareMetalHost + items: + properties: + key: + type: string + operator: + description: Operator represents a key/field's relationship + to value(s). See labels.Requirement and fields.Requirement + for more details. 
+ type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: Key/value pairs of labels that must exist on a chosen + BareMetalHost + type: object + type: object + image: + description: Image is the image to be provisioned. + properties: + checksum: + description: Checksum is a md5sum, sha256sum or sha512sum value + or a URL to retrieve one. + type: string + checksumType: + description: ChecksumType is the checksum algorithm for the image. + e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the image disk format. + enum: + - raw + - qcow2 + - vdi + - vmdk + - live-iso + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - checksum + - url + type: object + metaData: + description: MetaData is an object storing the reference to the secret + containing the Metadata given by the user. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + networkData: + description: NetworkData is an object storing the reference to the + secret containing the network data given by the user. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. 
+ type: string + type: object + x-kubernetes-map-type: atomic + providerID: + description: ProviderID will be the Metal3 machine in ProviderID format + (metal3://) + type: string + userData: + description: UserData references the Secret that holds user data needed + by the bare metal operator. The Namespace is optional; it will default + to the metal3machine's namespace if not specified. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + required: + - image + type: object + status: + description: Metal3MachineStatus defines the observed state of Metal3Machine. + properties: + addresses: + description: Addresses is a list of addresses assigned to the machine. + This field is copied from the infrastructure provider reference. + items: + description: MachineAddress contains information for the node's + address. + properties: + address: + description: The machine address. + type: string + type: + description: Machine address type, one of Hostname, ExternalIP, + InternalIP, ExternalDNS or InternalDNS. + type: string + required: + - address + - type + type: object + type: array + conditions: + description: Conditions defines current service state of the Metal3Machine. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status + to another. This should be when the underlying condition changed. + If that is not known, then using the time when the API field + changed is acceptable. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. This field may be empty. 
+ type: string + reason: + description: The reason for the condition's last transition + in CamelCase. The specific API may choose whether or not this + field is considered a guaranteed API. This field may not be + empty. + type: string + severity: + description: Severity provides an explicit classification of + Reason code, so the users or machines can immediately understand + the current situation and act accordingly. The Severity field + MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + failureMessage: + description: "FailureMessage will be set in the event that there is + a terminal problem reconciling the metal3machine and will contain + a more verbose string suitable for logging and human consumption. + \n This field should not be set for transitive errors that a controller + faces that are expected to be fixed automatically over time (like + service outages), but instead indicate that something is fundamentally + wrong with the metal3machine's spec or the configuration of the + controller, and that manual intervention is required. Examples of + terminal errors would be invalid combinations of settings in the + spec, values that are unsupported by the controller, or the responsible + controller itself being critically misconfigured. \n Any transient + errors that occur during the reconciliation of metal3machines can + be added as events to the metal3machine object and/or logged in + the controller's output." 
+ type: string + failureReason: + description: "FailureReason will be set in the event that there is + a terminal problem reconciling the metal3machine and will contain + a succinct value suitable for machine interpretation. \n This field + should not be set for transitive errors that a controller faces + that are expected to be fixed automatically over time (like service + outages), but instead indicate that something is fundamentally wrong + with the metal3machine's spec or the configuration of the controller, + and that manual intervention is required. Examples of terminal errors + would be invalid combinations of settings in the spec, values that + are unsupported by the controller, or the responsible controller + itself being critically misconfigured. \n Any transient errors that + occur during the reconciliation of metal3machines can be added as + events to the metal3machine object and/or logged in the controller's + output." + type: string + lastUpdated: + description: LastUpdated identifies when this status was last observed. + format: date-time + type: string + metaData: + description: MetaData is an object storing the reference to the secret + containing the Metadata used to deploy the BareMetalHost. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + networkData: + description: NetworkData is an object storing the reference to the + secret containing the network data used to deploy the BareMetalHost. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. 
+ type: string + type: object + x-kubernetes-map-type: atomic + phase: + description: Phase represents the current phase of machine actuation. + E.g. Pending, Running, Terminating, Failed etc. + type: string + ready: + description: 'Ready is the state of the metal3. TODO : Document the + variable : mhrivnak: " it would be good to document what this means, + how to interpret it, under what circumstances the value changes, + etc."' + type: boolean + renderedData: + description: RenderedData is a reference to a rendered Metal3Data + object containing the references to metaData and networkData secrets. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + userData: + description: UserData references the Secret that holds user data needed + by the bare metal operator. The Namespace is optional; it will default + to the metal3machine's namespace if not specified. + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3machinetemplates.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3MachineTemplate + listKind: Metal3MachineTemplateList + plural: metal3machinetemplates + shortNames: + - m3mt + - m3machinetemplate + - m3machinetemplates + - metal3mt + - metal3machinetemplate + singular: metal3machinetemplate + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Time duration since creation of Metal3MachineTemplate + jsonPath: 
.metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3MachineTemplate is the Schema for the metal3machinetemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3MachineTemplateSpec defines the desired state of Metal3MachineTemplate. + properties: + nodeReuse: + default: false + description: When set to True, CAPM3 Machine controller will pick + the same pool of BMHs' that were released during the upgrade operation. + type: boolean + template: + description: Metal3MachineTemplateResource describes the data needed + to create a Metal3Machine from a template. + properties: + spec: + description: Spec is the specification of the desired behavior + of the machine. + properties: + automatedCleaningMode: + description: When set to disabled, automated cleaning of host + disks will be skipped during provisioning and deprovisioning. + enum: + - metadata + - disabled + type: string + dataTemplate: + description: MetadataTemplate is a reference to a Metal3DataTemplate + object containing a template of metadata to be rendered. + Metadata keys defined in the metadataTemplate take precedence + over keys defined in metadata field. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this + pod). This syntax is chosen only to have some well-defined + way of referencing a part of an object. TODO: this design + is not final and this field is subject to change in + the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + hostSelector: + description: HostSelector specifies matching criteria for + labels on BareMetalHosts. This is used to limit the set + of BareMetalHost objects considered for claiming for a metal3machine. 
+ properties: + matchExpressions: + description: Label match expressions that must be true + on a chosen BareMetalHost + items: + properties: + key: + type: string + operator: + description: Operator represents a key/field's relationship + to value(s). See labels.Requirement and fields.Requirement + for more details. + type: string + values: + items: + type: string + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: Key/value pairs of labels that must exist + on a chosen BareMetalHost + type: object + type: object + image: + description: Image is the image to be provisioned. + properties: + checksum: + description: Checksum is a md5sum, sha256sum or sha512sum + value or a URL to retrieve one. + type: string + checksumType: + description: ChecksumType is the checksum algorithm for + the image. e.g md5, sha256, sha512 + enum: + - md5 + - sha256 + - sha512 + type: string + format: + description: DiskFormat contains the image disk format. + enum: + - raw + - qcow2 + - vdi + - vmdk + - live-iso + type: string + url: + description: URL is a location of an image to deploy. + type: string + required: + - checksum + - url + type: object + metaData: + description: MetaData is an object storing the reference to + the secret containing the Metadata given by the user. + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which + the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + networkData: + description: NetworkData is an object storing the reference + to the secret containing the network data given by the user. + properties: + name: + description: name is unique within a namespace to reference + a secret resource. 
+ type: string + namespace: + description: namespace defines the space within which + the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + providerID: + description: ProviderID will be the Metal3 machine in ProviderID + format (metal3://) + type: string + userData: + description: UserData references the Secret that holds user + data needed by the bare metal operator. The Namespace is + optional; it will default to the metal3machine's namespace + if not specified. + properties: + name: + description: name is unique within a namespace to reference + a secret resource. + type: string + namespace: + description: namespace defines the space within which + the secret name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + required: + - image + type: object + required: + - spec + type: object + required: + - template + type: object + type: object + served: true + storage: true + subresources: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3remediations.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3Remediation + listKind: Metal3RemediationList + plural: metal3remediations + shortNames: + - m3r + - m3remediation + singular: metal3remediation + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: How many times remediation controller should attempt to remediate + the host + jsonPath: .spec.strategy.retryLimit 
+ name: Retry limit + type: string + - description: How many times remediation controller has tried to remediate the + node + jsonPath: .status.retryCount + name: Retry count + type: string + - description: Timestamp of the last remediation attempt + jsonPath: .status.lastRemediated + name: Last Remediated + type: string + - description: Type of the remediation strategy + jsonPath: .spec.strategy.type + name: Strategy + type: string + - description: Phase of the remediation + jsonPath: .status.phase + name: Phase + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3Remediation is the Schema for the metal3remediations API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3RemediationSpec defines the desired state of Metal3Remediation. + properties: + strategy: + description: Strategy field defines remediation strategy. + properties: + retryLimit: + description: Sets maximum number of remediation retries. + type: integer + timeout: + description: Sets the timeout between remediation retries. + type: string + type: + description: Type of remediation. + type: string + type: object + type: object + status: + description: Metal3RemediationStatus defines the observed state of Metal3Remediation. 
+ properties: + lastRemediated: + description: LastRemediated identifies when the host was last remediated + format: date-time + type: string + phase: + description: Phase represents the current phase of machine remediation. + E.g. Pending, Running, Done etc. + type: string + retryCount: + description: RetryCount can be used as a counter during the remediation. + Field can hold number of reboots etc. + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + controller-gen.kubebuilder.io/version: v0.13.0 + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + cluster.x-k8s.io/v1beta1: v1beta1 + name: metal3remediationtemplates.infrastructure.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: capm3-webhook-service + namespace: capm3-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: infrastructure.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: Metal3RemediationTemplate + listKind: Metal3RemediationTemplateList + plural: metal3remediationtemplates + shortNames: + - m3rt + - m3remediationtemplate + - m3remediationtemplates + - metal3rt + - metal3remediationtemplate + singular: metal3remediationtemplate + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Metal3RemediationTemplate is the Schema for the metal3remediationtemplates + API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Metal3RemediationTemplateSpec defines the desired state of + Metal3RemediationTemplate. + properties: + template: + description: Metal3RemediationTemplateResource describes the data + needed to create a Metal3Remediation from a template. + properties: + spec: + description: Spec is the specification of the desired behavior + of the Metal3Remediation. + properties: + strategy: + description: Strategy field defines remediation strategy. + properties: + retryLimit: + description: Sets maximum number of remediation retries. + type: integer + timeout: + description: Sets the timeout between remediation retries. + type: string + type: + description: Type of remediation. + type: string + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: Metal3RemediationTemplateStatus defines the observed state + of Metal3RemediationTemplate. + properties: + status: + description: Metal3RemediationStatus defines the observed state of + Metal3Remediation + properties: + lastRemediated: + description: LastRemediated identifies when the host was last + remediated + format: date-time + type: string + phase: + description: Phase represents the current phase of machine remediation. + E.g. Pending, Running, Done etc. + type: string + retryCount: + description: RetryCount can be used as a counter during the remediation. + Field can hold number of reboots etc. 
+ type: integer + type: object + required: + - status + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-manager + namespace: capm3-system + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-manager + namespace: capm3-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-leader-election-role + namespace: capm3-system + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-leader-election-role + namespace: capm3-system + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-manager-role + rules: + - apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + verbs: + - get + - list + - watch + - apiGroups: + 
- cluster.x-k8s.io + resources: + - clusters/status + verbs: + - get + - apiGroups: + - cluster.x-k8s.io + resources: + - kubeadmcontrolplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - machinedeployments + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - machines + - machines/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - machinesets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3clusters + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3clusters/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3dataclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3dataclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3datas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3datas/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3datatemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3datatemplates/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3machines 
+ verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3machines/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3machinetemplates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3remediations + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - metal3remediations/status + verbs: + - get + - patch + - update + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddressclaims/status + verbs: + - get + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddresses + verbs: + - get + - list + - watch + - apiGroups: + - ipam.cluster.x-k8s.io + resources: + - ipaddresses/status + verbs: + - get + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses + verbs: + - get + - list + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses/status + verbs: + - get + - apiGroups: + - ipam.metal3.io + resources: + - ipclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ipclaims/status + verbs: + - get + - watch + - apiGroups: + - metal3.io + resources: + - baremetalhosts + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - metal3.io + resources: + - baremetalhosts/status + verbs: + - get + - patch + - update + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-manager-role + rules: + - apiGroups: + - "" 
+ resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + verbs: + - get + - list + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters/status + verbs: + - get + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ipaddresses/status + verbs: + - get + - patch + - update + - apiGroups: + - ipam.metal3.io + resources: + - ipclaims + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ipclaims/status + verbs: + - get + - patch + - update + - apiGroups: + - ipam.metal3.io + resources: + - ippools + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - ipam.metal3.io + resources: + - ippools/status + verbs: + - get + - patch + - update + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-leader-election-rolebinding + namespace: capm3-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: capm3-leader-election-role + subjects: + - kind: ServiceAccount + name: capm3-manager + namespace: capm3-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-leader-election-rolebinding + namespace: capm3-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: 
ipam-leader-election-role + subjects: + - kind: ServiceAccount + name: ipam-manager + namespace: capm3-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: capm3-manager-role + subjects: + - kind: ServiceAccount + name: capm3-manager + namespace: capm3-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ipam-manager-role + subjects: + - kind: ServiceAccount + name: ipam-manager + namespace: capm3-system + --- + apiVersion: v1 + data: + CAPM3_FAST_TRACK: ${CAPM3_FAST_TRACK:='false'} + kind: ConfigMap + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-capm3fasttrack-configmap + namespace: capm3-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-webhook-service + namespace: capm3-system + spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: infrastructure-metal3 + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-webhook-service + namespace: capm3-system + spec: + ports: + - port: 443 + targetPort: ipam-webhook + selector: + cluster.x-k8s.io/provider: infrastructure-metal3 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: capm3-controller-manager + namespace: capm3-system + spec: + selector: + matchLabels: + cluster.x-k8s.io/provider: infrastructure-metal3 + 
control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - args: + - --webhook-port=9443 + - --enableBMHNameBasedPreallocation=${enableBMHNameBasedPreallocation:=false} + - --diagnostics-address=${CAPM3_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPM3_INSECURE_DIAGNOSTICS:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + envFrom: + - configMapRef: + name: capm3-capm3fasttrack-configmap + image: quay.io/metal3-io/cluster-api-provider-metal3:v1.7.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: capm3-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: capm3-webhook-service-cert + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + name: ipam-controller-manager + namespace: capm3-system + spec: + selector: + matchLabels: + 
cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + template: + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + control-plane: controller-manager + controller-tools.k8s.io: "1.0" + spec: + containers: + - args: + - --webhook-port=9443 + - --diagnostics-address=${IPAM_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${IPAM_INSECURE_DIAGNOSTICS:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + image: quay.io/metal3-io/ip-address-manager:v1.7.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: ipam-webhook + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: ipam-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: ipam-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-serving-cert + namespace: capm3-system + spec: + dnsNames: + - capm3-webhook-service.capm3-system.svc + - capm3-webhook-service.capm3-system.svc.cluster.local + issuerRef: + kind: Issuer + name: capm3-selfsigned-issuer + secretName: 
capm3-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-serving-cert + namespace: capm3-system + spec: + dnsNames: + - ipam-webhook-service.capm3-system.svc + - ipam-webhook-service.capm3-system.svc.cluster.local + issuerRef: + kind: Issuer + name: ipam-selfsigned-issuer + secretName: ipam-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-selfsigned-issuer + namespace: capm3-system + spec: + selfSigned: {} + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-selfsigned-issuer + namespace: capm3-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3cluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3clusters + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3data + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3data.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + 
apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3datas + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3dataclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3dataclaim.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3dataclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3datatemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3datatemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3datatemplates + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machine + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3machine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3machines + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3machinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - 
v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3machinetemplates + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediation + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3remediation.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3remediations + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /mutate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediationtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: default.metal3remediationtemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3remediationtemplates + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: capm3-system + path: /mutate-ipam-metal3-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ipaddress.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresses + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: capm3-system + path: 
/mutate-ipam-metal3-io-v1alpha1-ipclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ipclaim.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: capm3-system + path: /mutate-ipam-metal3-io-v1alpha1-ippool + failurePolicy: Fail + matchPolicy: Equivalent + name: default.ippool.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ippools + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/capm3-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: capm3-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3cluster + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3cluster.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3clusters + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3data + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3data.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3datas + sideEffects: None + - 
admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3dataclaim + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3dataclaim.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3dataclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3datatemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3datatemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3datatemplates + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machine + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3machine.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3machines + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3machinetemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3machinetemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3machinetemplates + sideEffects: 
None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediation + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3remediation.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3remediations + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: capm3-webhook-service + namespace: capm3-system + path: /validate-infrastructure-cluster-x-k8s-io-v1beta1-metal3remediationtemplate + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.metal3remediationtemplate.infrastructure.cluster.x-k8s.io + rules: + - apiGroups: + - infrastructure.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - metal3remediationtemplates + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: capm3-system/ipam-serving-cert + labels: + cluster.x-k8s.io/provider: infrastructure-metal3 + name: ipam-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: capm3-system + path: /validate-ipam-metal3-io-v1alpha1-ipaddress + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ipaddress.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresses + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: capm3-system + path: /validate-ipam-metal3-io-v1alpha1-ipclaim + failurePolicy: Fail + matchPolicy: Equivalent + 
name: validation.ipclaim.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ipclaims + sideEffects: None + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ipam-webhook-service + namespace: capm3-system + path: /validate-ipam-metal3-io-v1alpha1-ippool + failurePolicy: Fail + matchPolicy: Equivalent + name: validation.ippool.ipam.metal3.io + rules: + - apiGroups: + - ipam.metal3.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - ippools + sideEffects: None + metadata: | + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 1 + minor: 7 + contract: v1beta1 + - major: 1 + minor: 6 + contract: v1beta1 + - major: 1 + minor: 5 + contract: v1beta1 + - major: 1 + minor: 4 + contract: v1beta1 + - major: 1 + minor: 3 + contract: v1beta1 + - major: 1 + minor: 2 + contract: v1beta1 + - major: 1 + minor: 1 + contract: v1beta1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: v1.7.1 + namespace: capm3-system + labels: + provider-components: metal3 diff --git a/packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-rke2-bootstrap.yaml b/packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-rke2-bootstrap.yaml new file mode 100644 index 00000000..5339360a --- /dev/null +++ b/packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-rke2-bootstrap.yaml 
@@ -0,0 +1,2740 @@ +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + name: rke2-bootstrap-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 + name: rke2configs.bootstrap.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: bootstrap.cluster.x-k8s.io + names: + kind: RKE2Config + listKind: RKE2ConfigList + plural: rke2configs + singular: rke2config + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2Config is the Schema for the rke2configs API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ConfigSpec defines the desired state of RKE2Config. 
+ properties: + agentConfig: + description: AgentConfig specifies configuration for the agent nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + Deprecated: Data is reserved for the arbitrary cloud-init data + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + cisProfile: + description: CISProfile activates CIS compliance of RKE2 for a + certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded containerd + and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. 
+ type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the bootstrap + data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet with + set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that CAPI + will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. 
+ if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap containing + resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime binaries + (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd snapshotter + (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to be used + for all system images. + type: string + version: + description: Version specifies the rke2 version. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". 
+ type: string + required: + - path + type: object + type: array + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to run after + rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run before + rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd configuration + for private registries and local registry mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used to communicate + with the registry. + properties: + authSecret: + description: |- + Auth si a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. 
+ TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the registry + mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. 
+ type: object + type: object + description: Mirrors are namespace to mirror mapping for all namespaces. + type: object + type: object + type: object + status: + description: RKE2ConfigStatus defines the observed state of RKE2Config. + properties: + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. 
+ type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RKE2Config is the Schema for the rke2configs API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ConfigSpec defines the desired state of RKE2Config. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. 
+ properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + airGappedChecksum: + description: |- + AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum + of existing sha256sum-.txt file for packages already available on the machine + before performing air-gapped installation. + type: string + cisProfile: + description: CISProfile activates CIS compliance of RKE2 for a + certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded containerd + and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. 
+ type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the bootstrap + data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet with + set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that CAPI + will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. 
+ if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap containing + resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime binaries + (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd snapshotter + (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to be used + for all system images. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to run after + rke2 setup runs. 
+ items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run before + rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd configuration + for private registries and local registry mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used to communicate + with the registry. + properties: + authSecret: + description: |- + Auth is a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the registry + mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for all namespaces. 
+ type: object + type: object + type: object + status: + description: RKE2ConfigStatus defines the observed state of RKE2Config. + properties: + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. 
+ type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 + name: rke2configtemplates.bootstrap.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /convert + conversionReviewVersions: + - v1 + group: bootstrap.cluster.x-k8s.io + names: + kind: RKE2ConfigTemplate + listKind: RKE2ConfigTemplateList + plural: rke2configtemplates + singular: rke2configtemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2ConfigTemplate is the Schema for the RKE2configtemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec details the RKE2ConfigTemplate specification. + properties: + template: + description: "Template references a RKE2ConfigTemplate, which is used + to include an RKE2ConfigSpec struct.\n\tThis is used to include + a desired RKE2ConfigSpec configuration when an RKE2Config resource + is generated by a MachineDeployment resource." + properties: + spec: + description: Spec is the RKE2ConfigSpec that should be used for + the template. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent + nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + Deprecated: Data is reserved for the arbitrary cloud-init data + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. 
+ type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + cisProfile: + description: CISProfile activates CIS compliance of RKE2 + for a certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded + containerd and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the + bootstrap data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy + process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet + with set of labels. 
+ items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that + CAPI will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of + taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap + containing resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime + binaries (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd + snapshotter (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to + be used for all system images. + type: string + version: + description: Version specifies the rke2 version. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. 
+ type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to + run after rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run + before rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd + configuration for private registries and local registry + mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used + to communicate with the registry. + properties: + authSecret: + description: |- + Auth si a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to + false to skip verifying the registry's certificate, + default is true. 
+ type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the + registry mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for + all namespaces. + type: object + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + required: + - spec + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RKE2ConfigTemplate is the Schema for the RKE2configtemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec details the RKE2ConfigTemplate specification. + properties: + template: + description: "Template references a RKE2ConfigTemplate, which is used + to include an RKE2ConfigSpec struct.\n\tThis is used to include + a desired RKE2ConfigSpec configuration when an RKE2Config resource + is generated by a MachineDeployment resource." + properties: + spec: + description: Spec is the RKE2ConfigSpec that should be used for + the template. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent + nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. 
+ type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + airGappedChecksum: + description: |- + AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum + of existing sha256sum-.txt file for packages already available on the machine + before performing air-gapped installation. + type: string + cisProfile: + description: CISProfile activates CIS compliance of RKE2 + for a certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded + containerd and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the + bootstrap data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy + process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' 
+ items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. 
+ Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet + with set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that + CAPI will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of + taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap + containing resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. 
+ type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime + binaries (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd + snapshotter (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to + be used for all system images. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. 
+ type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to + run after rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run + before rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd + configuration for private registries and local registry + mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used + to communicate with the registry. + properties: + authSecret: + description: |- + Auth is a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to + false to skip verifying the registry's certificate, + default is true. 
+ type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the + registry mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for + all namespaces. 
+ type: object + type: object + type: object + required: + - spec + type: object + required: + - template + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-manager + namespace: rke2-bootstrap-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-leader-election-role + namespace: rke2-bootstrap-system + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-manager-role + rules: + - apiGroups: + - "" + resources: + - configmaps + - events + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - rke2configs + - rke2configs/finalizers + - rke2configs/status + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinepools + - machinepools/status + - machines + - machines/status + - machinesets + verbs: + - get + - list + - watch + - apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rke2controlplanes + - 
rke2controlplanes/status + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-leader-election-rolebinding + namespace: rke2-bootstrap-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rke2-bootstrap-leader-election-role + subjects: + - kind: ServiceAccount + name: rke2-bootstrap-manager + namespace: rke2-bootstrap-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rke2-bootstrap-manager-role + subjects: + - kind: ServiceAccount + name: rke2-bootstrap-manager + namespace: rke2-bootstrap-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: bootstrap-rke2 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + name: rke2-bootstrap-controller-manager + namespace: rke2-bootstrap-system + spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false} + command: + - /manager + image: ghcr.io/rancher/cluster-api-provider-rke2-bootstrap:v0.6.1 + 
imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + readinessProbe: + httpGet: + path: /readyz + port: healthz + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: rke2-bootstrap-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: rke2-bootstrap-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-serving-cert + namespace: rke2-bootstrap-system + spec: + dnsNames: + - rke2-bootstrap-webhook-service.rke2-bootstrap-system.svc + - rke2-bootstrap-webhook-service.rke2-bootstrap-system.svc.cluster.local + issuerRef: + kind: Issuer + name: rke2-bootstrap-selfsigned-issuer + secretName: rke2-bootstrap-webhook-service-cert + subject: + organizations: + - Rancher by SUSE + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-selfsigned-issuer + namespace: rke2-bootstrap-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: 
rke2-bootstrap-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config + failurePolicy: Fail + name: mrke2config.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2configs + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /mutate-bootstrap-cluster-x-k8s-io-v1beta1-rke2configtemplate + failurePolicy: Fail + name: mrke2configtemplate.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2configtemplates + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-bootstrap-system/rke2-bootstrap-serving-cert + labels: + cluster.x-k8s.io/provider: bootstrap-rke2 + name: rke2-bootstrap-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-rke2config + failurePolicy: Fail + name: vrke2config.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2configs + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-bootstrap-webhook-service + namespace: rke2-bootstrap-system + path: /validate-bootstrap-cluster-x-k8s-io-v1beta1-rke2configtemplate + failurePolicy: Fail + name: vrke2configtemplate.kb.io + rules: + - apiGroups: + - bootstrap.cluster.x-k8s.io + apiVersions: + - v1beta1 + 
operations: + - CREATE + - UPDATE + resources: + - rke2configtemplates + sideEffects: None + metadata: | + # maps release series of major.minor to cluster-api contract version + # the contract version may change between minor or major versions, but *not* + # between patch versions. + # + # update this file only when a new major or minor version is released + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 0 + minor: 1 + contract: v1beta1 + - major: 0 + minor: 2 + contract: v1beta1 + - major: 0 + minor: 3 + contract: v1beta1 + - major: 0 + minor: 4 + contract: v1beta1 + - major: 0 + minor: 5 + contract: v1beta1 + - major: 0 + minor: 6 + contract: v1beta1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: v0.6.1 + namespace: rke2-bootstrap-system + labels: + provider-components: rke2-bootstrap diff --git a/packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-rke2-control-plane.yaml b/packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-rke2-control-plane.yaml new file mode 100644 index 00000000..59cc0919 --- /dev/null +++ b/packages/rancher-turtles-airgap-resources/chart/templates/airgap-cm-rke2-control-plane.yaml 
@@ -0,0 +1,4497 @@ +apiVersion: v1 +data: + components: | + apiVersion: v1 + kind: Namespace + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + name: rke2-control-plane-system + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 + name: rke2controlplanes.controlplane.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + kind: RKE2ControlPlane + listKind: RKE2ControlPlaneList + plural: rke2controlplanes + singular: rke2controlplane + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2ControlPlane is the Schema for the rke2controlplanes API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + Deprecated: Data is reserved for the arbitrary cloud-init data + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. 
+ type: boolean + cisProfile: + description: CISProfile activates CIS compliance of RKE2 for a + certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded containerd + and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the bootstrap + data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. 
+ type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet with + set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that CAPI + will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of taints. 
+ items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap containing + resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime binaries + (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd snapshotter + (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to be used + for all system images. + type: string + version: + description: Version specifies the rke2 version. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. 
+ enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + manifestsConfigMapReference: + description: |- + ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster + Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to run after + rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run before + rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd configuration + for private registries and local registry mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used to communicate + with the registry. + properties: + authSecret: + description: |- + Auth si a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to false + to skip verifying the registry's certificate, default + is true. 
+ type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the registry + mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for all namespaces. + type: object + type: object + registrationAddress: + description: |- + RegistrationAddress is an explicit address to use when registering a node. This is required if + the registration type is "address". Its for scenarios where a load-balancer or VIP is used. + type: string + registrationMethod: + default: internal-first + description: RegistrationMethod is the method to use for registering + nodes into the RKE2 cluster. + enum: + - internal-first + - internal-only-ips + - external-only-ips + - address + type: string + replicas: + description: Replicas is the number of replicas for the Control Plane. + format: int32 + type: integer + rolloutStrategy: + default: + rollingUpdate: + maxSurge: 1 + type: RollingUpdate + description: The RolloutStrategy to use to replace control plane machines + with new ones. 
+ properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type of rollout. Currently the only supported strategy is "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + serverConfig: + description: ServerConfig specifies configuration for the agent nodes. + properties: + advertiseAddress: + description: 'AdvertiseAddress IP address that apiserver uses + to advertise to members of the cluster (default: node-external-ip/node-ip).' + type: string + auditPolicySecret: + description: AuditPolicySecret path to the file that defines the + audit policy configuration. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + bindAddress: + description: 'BindAddress describes the rke2 bind address (default: + 0.0.0.0).' + type: string + cloudControllerManager: + description: CloudControllerManager defines optional custom configuration + of the Cloud Controller Manager. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + cloudProviderConfigMap: + description: |- + CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration. + The config map must contain a key named cloud-config. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + cloudProviderName: + description: CloudProviderName cloud provider name. + type: string + clusterDNS: + description: 'ClusterDNS is the cluster IP for CoreDNS service. + Should be in your service-cidr range (default: 10.43.0.10).' + type: string + clusterDomain: + description: 'ClusterDomain is the cluster domain name (default: + "cluster.local").' + type: string + cni: + description: |- + CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium; + optionally with multus as the first value to enable the multus meta-plugin (default: canal). + enum: + - none + - calico + - canal + - cilium + type: string + cniMultusEnable: + description: |- + CNIMultusEnable enables multus as the first CNI plugin (default: false). + This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin. + type: boolean + disableComponents: + description: DisableComponents lists Kubernetes components and + RKE2 plugin components that will be disabled. + properties: + kubernetesComponents: + description: KubernetesComponents is a list of Kubernetes + components to disable. + items: + description: 'DisabledKubernetesComponent is an enum field + that can take one of the following values: scheduler, + kubeProxy or cloudController.' + enum: + - scheduler + - kubeProxy + - cloudController + type: string + type: array + pluginComponents: + description: PluginComponents is a list of PluginComponents + to disable. + items: + description: DisabledPluginComponent selects a plugin Components + to be disabled. 
+ enum: + - rke2-coredns + - rke2-ingress-nginx + - rke2-metrics-server + type: string + type: array + type: object + etcd: + description: Etcd defines optional custom configuration of ETCD. + properties: + backupConfig: + description: 'BackupConfig defines how RKE2 will snapshot + ETCD: target storage, schedule, etc.' + properties: + directory: + description: Directory to save db snapshots. + type: string + disableAutomaticSnapshots: + description: |- + DisableAutomaticSnapshots defines the policy for ETCD snapshots. + true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled. + type: boolean + retention: + description: 'Retention Number of snapshots to retain + Default: 5 (default: 5).' + type: string + s3: + description: S3 Enable backup to an S3-compatible Object + Store. + properties: + bucket: + description: Bucket S3 bucket name. + type: string + endpoint: + description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").' + type: string + endpointCAsecret: + description: |- + EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint. + The secret must contain a key named "ca.pem" that contains the CA certificate. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. 
+ TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + enforceSslVerify: + description: EnforceSSLVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + folder: + description: Folder S3 folder. + type: string + region: + description: 'Region S3 region / bucket location (optional) + (default: "us-east-1").' + type: string + s3CredentialSecret: + description: |- + S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. + The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - endpoint + - s3CredentialSecret + type: object + scheduleCron: + description: 'ScheduleCron Snapshot interval time in cron + spec. eg. every 5 hours ''* */5 * * *'' (default: "0 + */12 * * *").' + type: string + snapshotName: + description: 'SnapshotName Set the base name of etcd snapshots. + Default: etcd-snapshot- (default: "etcd-snapshot").' + type: string + type: object + customConfig: + description: CustomConfig defines the custom settings for + ETCD. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component + command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to + be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for the + Kubernetes Component + type: string + type: object + exposeMetrics: + description: |- + ExposeEtcdMetrics defines the policy for ETCD Metrics exposure. + if value is true, ETCD metrics will be exposed + if value is false, ETCD metrics will NOT be exposed + type: boolean + type: object + kubeAPIServer: + description: KubeAPIServer defines optional custom configuration + of the Kube API Server. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeControllerManager: + description: KubeControllerManager defines optional custom configuration + of the Kube Controller Manager. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeScheduler: + description: KubeScheduler defines optional custom configuration + of the Kube Scheduler. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + pauseImage: + description: PauseImage Override image to use for pause. + type: string + serviceNodePortRange: + description: 'ServiceNodePortRange is the port range to reserve + for services with NodePort visibility (default: "30000-32767").' + type: string + tlsSan: + description: TLSSan Add additional hostname or IP as a Subject + Alternative Name in the TLS cert. 
+ items: + type: string + type: array + type: object + required: + - infrastructureRef + type: object + status: + description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane. + properties: + availableServerIPs: + description: AvailableServerIPs is a list of the Control Plane IP + adds that can be used to register further nodes. + items: + type: string + type: array + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. 
+ type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + initialized: + description: Initialized indicates the target cluster has completed + initialization. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. + type: boolean + readyReplicas: + description: ReadyReplicas is the number of replicas current attached + to this ControlPlane Resource and that have Ready Status. + format: int32 + type: integer + replicas: + description: Replicas is the number of replicas current attached to + this ControlPlane Resource. + format: int32 + type: integer + unavailableReplicas: + description: UnavailableReplicas is the number of replicas current + attached to this ControlPlane Resource and that are up-to-date with + Control Plane config. + format: int32 + type: integer + updatedReplicas: + description: UpdatedReplicas is the number of replicas current attached + to this ControlPlane Resource and that are up-to-date with Control + Plane config. + format: int32 + type: integer + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RKE2ControlPlane is the Schema for the rke2controlplanes API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. 
+ Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ControlPlaneSpec defines the desired state of RKE2ControlPlane. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. + properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. 
+ type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + airGappedChecksum: + description: |- + AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum + of existing sha256sum-.txt file for packages already available on the machine + before performing air-gapped installation. + type: string + cisProfile: + description: CISProfile activates CIS compliance of RKE2 for a + certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded containerd + and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. + type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the bootstrap + data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' 
+ items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. 
+ Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet with + set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that CAPI + will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. + if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap containing + resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. 
+ type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime binaries + (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd snapshotter + (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to be used + for all system images. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files in + cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content to + populate the file. + properties: + secret: + description: SecretFileSource represents a secret that should + populate this file. + properties: + key: + description: Key is the key in the secret's data map + for this value. 
+ type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, e.g. + "root:root". + type: string + path: + description: Path specifies the full path on disk where to store + the file. + type: string + permissions: + description: Permissions specifies the permissions to assign + to the file, e.g. "0640". + type: string + required: + - path + type: object + type: array + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + machineTemplate: + description: |- + MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. 
+ More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + required: + - infrastructureRef + type: object + manifestsConfigMapReference: + description: |- + ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster + Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to run after + rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run before + rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd configuration + for private registries and local registry mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used to communicate + with the registry. + properties: + authSecret: + description: |- + Auth is a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to false + to skip verifying the registry's certificate, default + is true. 
+ type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the registry + mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. + type: object + type: object + description: Mirrors are namespace to mirror mapping for all namespaces. + type: object + type: object + registrationAddress: + description: |- + RegistrationAddress is an explicit address to use when registering a node. This is required if + the registration type is "address". Its for scenarios where a load-balancer or VIP is used. + type: string + registrationMethod: + description: RegistrationMethod is the method to use for registering + nodes into the RKE2 cluster. + enum: + - internal-first + - internal-only-ips + - external-only-ips + - address + - control-plane-endpoint + - "" + type: string + replicas: + description: Replicas is the number of replicas for the Control Plane. + format: int32 + type: integer + rolloutStrategy: + description: The RolloutStrategy to use to replace control plane machines + with new ones. 
+ properties: + rollingUpdate: + description: Rolling update config params. Present only if RolloutStrategyType + = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type of rollout. Currently the only supported strategy is "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + serverConfig: + description: ServerConfig specifies configuration for the agent nodes. + properties: + advertiseAddress: + description: 'AdvertiseAddress IP address that apiserver uses + to advertise to members of the cluster (default: node-external-ip/node-ip).' + type: string + auditPolicySecret: + description: AuditPolicySecret path to the file that defines the + audit policy configuration. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + bindAddress: + description: 'BindAddress describes the rke2 bind address (default: + 0.0.0.0).' + type: string + cloudControllerManager: + description: CloudControllerManager defines optional custom configuration + of the Cloud Controller Manager. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + cloudProviderConfigMap: + description: |- + CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration. + The config map must contain a key named cloud-config. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + cloudProviderName: + description: CloudProviderName cloud provider name. + type: string + clusterDNS: + description: 'ClusterDNS is the cluster IP for CoreDNS service. + Should be in your service-cidr range (default: 10.43.0.10).' + type: string + clusterDomain: + description: 'ClusterDomain is the cluster domain name (default: + "cluster.local").' + type: string + cni: + description: |- + CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium; + optionally with multus as the first value to enable the multus meta-plugin (default: canal). + enum: + - none + - calico + - canal + - cilium + type: string + cniMultusEnable: + description: |- + CNIMultusEnable enables multus as the first CNI plugin (default: false). + This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin. + type: boolean + disableComponents: + description: DisableComponents lists Kubernetes components and + RKE2 plugin components that will be disabled. + properties: + kubernetesComponents: + description: KubernetesComponents is a list of Kubernetes + components to disable. + items: + description: 'DisabledKubernetesComponent is an enum field + that can take one of the following values: scheduler, + kubeProxy or cloudController.' + enum: + - scheduler + - kubeProxy + - cloudController + type: string + type: array + pluginComponents: + description: PluginComponents is a list of PluginComponents + to disable. + items: + description: DisabledPluginComponent selects a plugin Components + to be disabled. 
+ enum: + - rke2-coredns + - rke2-ingress-nginx + - rke2-metrics-server + type: string + type: array + type: object + etcd: + description: Etcd defines optional custom configuration of ETCD. + properties: + backupConfig: + description: 'BackupConfig defines how RKE2 will snapshot + ETCD: target storage, schedule, etc.' + properties: + directory: + description: Directory to save db snapshots. + type: string + disableAutomaticSnapshots: + description: |- + DisableAutomaticSnapshots defines the policy for ETCD snapshots. + true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled. + type: boolean + retention: + description: 'Retention Number of snapshots to retain + Default: 5 (default: 5).' + type: string + s3: + description: S3 Enable backup to an S3-compatible Object + Store. + properties: + bucket: + description: Bucket S3 bucket name. + type: string + endpoint: + description: 'Endpoint S3 endpoint url (default: "s3.amazonaws.com").' + type: string + endpointCAsecret: + description: |- + EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint. + The secret must contain a key named "ca.pem" that contains the CA certificate. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. 
+ TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + enforceSslVerify: + description: EnforceSSLVerify may be set to false + to skip verifying the registry's certificate, default + is true. + type: boolean + folder: + description: Folder S3 folder. + type: string + region: + description: 'Region S3 region / bucket location (optional) + (default: "us-east-1").' + type: string + s3CredentialSecret: + description: |- + S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. + The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - endpoint + - s3CredentialSecret + type: object + scheduleCron: + description: 'ScheduleCron Snapshot interval time in cron + spec. eg. every 5 hours ''* */5 * * *'' (default: "0 + */12 * * *").' + type: string + snapshotName: + description: 'SnapshotName Set the base name of etcd snapshots. + Default: etcd-snapshot- (default: "etcd-snapshot").' + type: string + type: object + customConfig: + description: CustomConfig defines the custom settings for + ETCD. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component + command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to + be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for the + Kubernetes Component + type: string + type: object + exposeMetrics: + description: |- + ExposeEtcdMetrics defines the policy for ETCD Metrics exposure. + if value is true, ETCD metrics will be exposed + if value is false, ETCD metrics will NOT be exposed + type: boolean + type: object + kubeAPIServer: + description: KubeAPIServer defines optional custom configuration + of the Kube API Server. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeControllerManager: + description: KubeControllerManager defines optional custom configuration + of the Kube Controller Manager. 
+ properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + kubeScheduler: + description: KubeScheduler defines optional custom configuration + of the Kube Scheduler. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line arguments + (format: flag=value) to pass to a Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables to + pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts to be added + for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references a container + image to override the default one for the Kubernetes Component + type: string + type: object + pauseImage: + description: PauseImage Override image to use for pause. + type: string + serviceNodePortRange: + description: 'ServiceNodePortRange is the port range to reserve + for services with NodePort visibility (default: "30000-32767").' + type: string + tlsSan: + description: TLSSan Add additional hostname or IP as a Subject + Alternative Name in the TLS cert. 
+ items: + type: string + type: array + type: object + version: + description: |- + Version defines the desired Kubernetes version. + This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated). + pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ + type: string + required: + - infrastructureRef + - rolloutStrategy + type: object + status: + description: RKE2ControlPlaneStatus defines the observed state of RKE2ControlPlane. + properties: + availableServerIPs: + description: AvailableServerIPs is a list of the Control Plane IP + adds that can be used to register further nodes. + items: + type: string + type: array + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. 
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + initialized: + description: Initialized indicates the target cluster has completed + initialization. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. + type: boolean + readyReplicas: + description: ReadyReplicas is the number of replicas current attached + to this ControlPlane Resource and that have Ready Status. + format: int32 + type: integer + replicas: + description: Replicas is the number of replicas current attached to + this ControlPlane Resource. + format: int32 + type: integer + unavailableReplicas: + description: UnavailableReplicas is the number of replicas current + attached to this ControlPlane Resource and that are up-to-date with + Control Plane config. + format: int32 + type: integer + updatedReplicas: + description: UpdatedReplicas is the number of replicas current attached + to this ControlPlane Resource and that are up-to-date with Control + Plane config. + format: int32 + type: integer + version: + description: |- + Version represents the minimum Kubernetes version for the control plane machines + in the cluster. 
+ type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert + controller-gen.kubebuilder.io/version: v0.14.0 + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + cluster.x-k8s.io/v1beta1: v1alpha1_v1beta1 + name: rke2controlplanetemplates.controlplane.cluster.x-k8s.io + spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /convert + conversionReviewVersions: + - v1 + - v1beta1 + group: controlplane.cluster.x-k8s.io + names: + categories: + - cluster-api + kind: RKE2ControlPlaneTemplate + listKind: RKE2ControlPlaneTemplateList + plural: rke2controlplanetemplates + shortNames: + - rke2ct + singular: rke2controlplanetemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RKE2ControlPlaneTemplateSpec defines the desired state of + RKE2ControlPlaneTemplate. + type: object + status: + description: RKE2ControlPlaneTemplateStatus defines the observed state + of RKE2ControlPlaneTemplate. + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RKE2ControlPlaneTemplate is the Schema for the rke2controlplanetemplates + API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: Spec is the control plane specification for the template + resource. + properties: + template: + description: RKE2ControlPlaneTemplateResource contains spec for RKE2ControlPlaneTemplate. + properties: + spec: + description: Spec is the specification of the desired behavior + of the control plane. + properties: + agentConfig: + description: AgentConfig specifies configuration for the agent + nodes. + properties: + additionalUserData: + description: |- + AdditionalUserData is a field that allows users to specify additional cloud-init or ignition configuration to be included in the + generated cloud-init/ignition script. 
+ properties: + config: + description: |- + In case of using ignition, the data format is documented here: https://kinvolk.io/docs/flatcar-container-linux/latest/provisioning/cl-config/ + NOTE: All fields of the UserData that are managed by the RKE2Config controller will be ignored, this include "write_files", "runcmd", "ntp". + type: string + data: + additionalProperties: + type: string + description: |- + Data allows to pass arbitrary set of key/value pairs consistent with + https://cloudinit.readthedocs.io/en/latest/reference/modules.html + to extend existing cloud-init configuration + type: object + strict: + description: Strict controls if Config should be strictly + parsed. If so, warnings are treated as errors. + type: boolean + type: object + x-kubernetes-validations: + - message: Only config or data could be populated at once + rule: '!has(self.data) || !has(self.config)' + airGapped: + description: |- + AirGapped is a boolean value to define if the bootstrapping should be air-gapped, + basically supposing that online container registries and RKE2 install scripts are not reachable. + type: boolean + airGappedChecksum: + description: |- + AirGappedChecksum is a string value with a sha256sum checksum to compare with checksum + of existing sha256sum-.txt file for packages already available on the machine + before performing air-gapped installation. + type: string + cisProfile: + description: CISProfile activates CIS compliance of RKE2 + for a certain profile + enum: + - cis + - cis-1.23 + - cis-1.5 + - cis-1.6 + type: string + containerRuntimeEndpoint: + description: ContainerRuntimeEndpoint Disable embedded + containerd and use alternative CRI implementation. + type: string + dataDir: + description: DataDir Folder to hold state. 
+ type: string + enableContainerdSElinux: + description: |- + EnableContainerdSElinux defines the policy for enabling SELinux for Containerd + if value is true, Containerd will run with selinux-enabled=true flag + if value is false, Containerd will run without the above flag + type: boolean + format: + description: Format specifies the output format of the + bootstrap data. Defaults to cloud-config. + enum: + - cloud-config + - ignition + type: string + imageCredentialProviderConfigMap: + description: |- + ImageCredentialProviderConfigMap is a reference to the ConfigMap that contains credential provider plugin config + The config map should contain a key "credential-config.yaml" with YAML file content and + a key "credential-provider-binaries" with the a path to the binaries for the credential provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + kubeProxy: + description: KubeProxyArgs Customized flag for kube-proxy + process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubelet: + description: KubeletArgs Customized flag for kubelet process. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeletPath: + description: KubeletPath Override kubelet binary path. + type: string + loadBalancerPort: + description: |- + LoadBalancerPort local port for supervisor client load-balancer. If the supervisor and apiserver are + not colocated an additional port 1 less than this port will also be used for the apiserver client load-balancer (default: 6444). + type: integer + nodeAnnotations: + additionalProperties: + type: string + description: |- + NodeAnnotations are annotations that are created on nodes post bootstrap phase. + Unfortunately it is not possible to apply annotations via kubelet + using current bootstrap configurations. + Issue: https://github.com/kubernetes/kubernetes/issues/108046 + type: object + nodeLabels: + description: NodeLabels Registering and starting kubelet + with set of labels. + items: + type: string + type: array + nodeName: + description: NodeNamePrefix Prefix to the Node Name that + CAPI will generate. + type: string + nodeTaints: + description: NodeTaints Registering kubelet with set of + taints. + items: + type: string + type: array + ntp: + description: NTP specifies NTP configuration + properties: + enabled: + description: Enabled specifies whether NTP should + be enabled + type: boolean + servers: + description: Servers specifies which NTP servers to + use + items: + type: string + type: array + type: object + protectKernelDefaults: + description: |- + ProtectKernelDefaults defines Kernel tuning behavior. If true, error if kernel tunables are different than kubelet defaults. 
+ if false, kernel tunable can be different from kubelet defaults + type: boolean + resolvConf: + description: ResolvConf is a reference to a ConfigMap + containing resolv.conf content for the node. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + runtimeImage: + description: RuntimeImage override image to use for runtime + binaries (containerd, kubectl, crictl, etc). + type: string + snapshotter: + description: 'Snapshotter override default containerd + snapshotter (default: "overlayfs").' + type: string + systemDefaultRegistry: + description: SystemDefaultRegistry Private registry to + be used for all system images. + type: string + type: object + files: + description: Files specifies extra files to be passed to user_data + upon creation. + items: + description: File defines the input for generating write_files + in cloud-init. + properties: + content: + description: Content is the actual content of the file. + type: string + contentFrom: + description: ContentFrom is a referenced source of content + to populate the file. + properties: + secret: + description: SecretFileSource represents a secret + that should populate this file. + properties: + key: + description: Key is the key in the secret's + data map for this value. + type: string + name: + description: Name of the secret in the RKE2BootstrapConfig's + namespace to use. + type: string + required: + - key + - name + type: object + required: + - secret + type: object + encoding: + description: Encoding specifies the encoding of the + file contents. + enum: + - base64 + - gzip + - gzip+base64 + type: string + owner: + description: Owner specifies the ownership of the file, + e.g. "root:root". + type: string + path: + description: Path specifies the full path on disk where + to store the file. + type: string + permissions: + description: Permissions specifies the permissions to + assign to the file, e.g. "0640". 
+ type: string + required: + - path + type: object + type: array + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + machineTemplate: + description: |- + MachineTemplate contains information about how machines + should be shaped when creating or updating a control plane. + properties: + infrastructureRef: + description: |- + InfrastructureRef is a required reference to a custom resource + offered by an infrastructure provider. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + metadata: + description: |- + Standard object's metadata. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + properties: + annotations: + additionalProperties: + type: string + description: |- + Annotations is an unstructured key value map stored with a resource that may be + set by external tools to store and retrieve arbitrary metadata. They are not + queryable and should be preserved when modifying objects. + More info: http://kubernetes.io/docs/user-guide/annotations + type: object + labels: + additionalProperties: + type: string + description: |- + Map of string keys and values that can be used to organize and categorize + (scope and select) objects. May match selectors of replication controllers + and services. + More info: http://kubernetes.io/docs/user-guide/labels + type: object + type: object + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. + NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + required: + - infrastructureRef + type: object + manifestsConfigMapReference: + description: |- + ManifestsConfigMapReference references a ConfigMap which contains Kubernetes manifests to be deployed automatically on the cluster + Each data entry in the ConfigMap will be will be copied to a folder on the control plane nodes that RKE2 scans and uses to deploy manifests. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + nodeDrainTimeout: + description: |- + NodeDrainTimeout is the total amount of time that the controller will spend on draining a controlplane node + The default value is 0, meaning that the node can be drained without any time limitations. 
+ NOTE: NodeDrainTimeout is different from `kubectl drain --timeout` + type: string + postRKE2Commands: + description: PostRKE2Commands specifies extra commands to + run after rke2 setup runs. + items: + type: string + type: array + preRKE2Commands: + description: PreRKE2Commands specifies extra commands to run + before rke2 setup runs. + items: + type: string + type: array + privateRegistriesConfig: + description: PrivateRegistriesConfig defines the containerd + configuration for private registries and local registry + mirrors. + properties: + configs: + additionalProperties: + description: RegistryConfig contains configuration used + to communicate with the registry. + properties: + authSecret: + description: |- + Auth is a reference to a Secret containing information to authenticate to the registry. + The Secret must provite a username and a password data entry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + tls: + description: |- + TLS is a pair of CA/Cert/Key which then are used when creating the transport + that communicates with the registry. + properties: + insecureSkipVerify: + description: InsecureSkipVerify may be set to + false to skip verifying the registry's certificate, + default is true. + type: boolean + tlsConfigSecret: + description: |- + TLSConfigSecret is a reference to a secret of type `kubernetes.io/tls` thich has up to 3 entries: tls.crt, tls.key and ca.crt + which describe the TLS configuration necessary to connect to the registry. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. 
+ TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + description: |- + Configs are configs for each registry. + The key is the FDQN or IP of the registry. + type: object + mirrors: + additionalProperties: + description: Mirror contains the config related to the + registry mirror. + properties: + endpoint: + description: |- + Endpoints are endpoints for a namespace. CRI plugin will try the endpoints + one by one until a working one is found. The endpoint must be a valid url + with host specified. + The scheme, host and path from the endpoint URL will be used. + items: + type: string + type: array + rewrite: + additionalProperties: + type: string + description: |- + Rewrites are repository rewrite rules for a namespace. When fetching image resources + from an endpoint and a key matches the repository via regular expression matching + it will be replaced with the corresponding value from the map in the resource request. 
+ type: object + type: object + description: Mirrors are namespace to mirror mapping for + all namespaces. + type: object + type: object + registrationAddress: + description: |- + RegistrationAddress is an explicit address to use when registering a node. This is required if + the registration type is "address". Its for scenarios where a load-balancer or VIP is used. + type: string + registrationMethod: + description: RegistrationMethod is the method to use for registering + nodes into the RKE2 cluster. + enum: + - internal-first + - internal-only-ips + - external-only-ips + - address + - control-plane-endpoint + - "" + type: string + replicas: + description: Replicas is the number of replicas for the Control + Plane. + format: int32 + type: integer + rolloutStrategy: + description: The RolloutStrategy to use to replace control + plane machines with new ones. + properties: + rollingUpdate: + description: Rolling update config params. Present only + if RolloutStrategyType = RollingUpdate. + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of control planes that can be scheduled above or under the + desired number of control planes. + Value can be an absolute number 1 or 0. + Defaults to 1. + Example: when this is set to 1, the control plane can be scaled + up immediately when the rolling update starts. + x-kubernetes-int-or-string: true + type: object + type: + description: |- + Type of rollout. Currently the only supported strategy is "RollingUpdate". + Default is RollingUpdate. + type: string + type: object + serverConfig: + description: ServerConfig specifies configuration for the + agent nodes. + properties: + advertiseAddress: + description: 'AdvertiseAddress IP address that apiserver + uses to advertise to members of the cluster (default: + node-external-ip/node-ip).' + type: string + auditPolicySecret: + description: AuditPolicySecret path to the file that defines + the audit policy configuration. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + bindAddress: + description: 'BindAddress describes the rke2 bind address + (default: 0.0.0.0).' 
+ type: string + cloudControllerManager: + description: CloudControllerManager defines optional custom + configuration of the Cloud Controller Manager. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + cloudProviderConfigMap: + description: |- + CloudProviderConfigMap is a reference to a ConfigMap containing Cloud provider configuration. + The config map must contain a key named cloud-config. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + cloudProviderName: + description: CloudProviderName cloud provider name. + type: string + clusterDNS: + description: 'ClusterDNS is the cluster IP for CoreDNS + service. Should be in your service-cidr range (default: + 10.43.0.10).' + type: string + clusterDomain: + description: 'ClusterDomain is the cluster domain name + (default: "cluster.local").' + type: string + cni: + description: |- + CNI describes the CNI Plugins to deploy, one of none, calico, canal, cilium; + optionally with multus as the first value to enable the multus meta-plugin (default: canal). + enum: + - none + - calico + - canal + - cilium + type: string + cniMultusEnable: + description: |- + CNIMultusEnable enables multus as the first CNI plugin (default: false). + This option will automatically make Multus a primary CNI, and the value, if specified in the CNI field, as a secondary CNI plugin. + type: boolean + disableComponents: + description: DisableComponents lists Kubernetes components + and RKE2 plugin components that will be disabled. 
+ properties: + kubernetesComponents: + description: KubernetesComponents is a list of Kubernetes + components to disable. + items: + description: 'DisabledKubernetesComponent is an + enum field that can take one of the following + values: scheduler, kubeProxy or cloudController.' + enum: + - scheduler + - kubeProxy + - cloudController + type: string + type: array + pluginComponents: + description: PluginComponents is a list of PluginComponents + to disable. + items: + description: DisabledPluginComponent selects a plugin + Components to be disabled. + enum: + - rke2-coredns + - rke2-ingress-nginx + - rke2-metrics-server + type: string + type: array + type: object + etcd: + description: Etcd defines optional custom configuration + of ETCD. + properties: + backupConfig: + description: 'BackupConfig defines how RKE2 will snapshot + ETCD: target storage, schedule, etc.' + properties: + directory: + description: Directory to save db snapshots. + type: string + disableAutomaticSnapshots: + description: |- + DisableAutomaticSnapshots defines the policy for ETCD snapshots. + true means automatic snapshots will be scheduled, false means automatic snapshots will not be scheduled. + type: boolean + retention: + description: 'Retention Number of snapshots to + retain Default: 5 (default: 5).' + type: string + s3: + description: S3 Enable backup to an S3-compatible + Object Store. + properties: + bucket: + description: Bucket S3 bucket name. + type: string + endpoint: + description: 'Endpoint S3 endpoint url (default: + "s3.amazonaws.com").' + type: string + endpointCAsecret: + description: |- + EndpointCA references the Secret that contains a custom CA that should be trusted to connect to S3 endpoint. + The secret must contain a key named "ca.pem" that contains the CA certificate. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + enforceSslVerify: + description: EnforceSSLVerify may be set to + false to skip verifying the registry's certificate, + default is true. + type: boolean + folder: + description: Folder S3 folder. + type: string + region: + description: 'Region S3 region / bucket location + (optional) (default: "us-east-1").' 
+ type: string + s3CredentialSecret: + description: |- + S3CredentialSecret is a reference to a Secret containing the Access Key and Secret Key necessary to access the target S3 Bucket. + The Secret must contain the following keys: "aws_access_key_id" and "aws_secret_access_key". + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + TODO: this design is not final and this field is subject to change in the future. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - endpoint + - s3CredentialSecret + type: object + scheduleCron: + description: 'ScheduleCron Snapshot interval time + in cron spec. eg. every 5 hours ''* */5 * * + *'' (default: "0 */12 * * *").' + type: string + snapshotName: + description: 'SnapshotName Set the base name of + etcd snapshots. Default: etcd-snapshot- + (default: "etcd-snapshot").' + type: string + type: object + customConfig: + description: CustomConfig defines the custom settings + for ETCD. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a + Kubernetes Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment + variables to pass on to a Kubernetes Component + command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one + for the Kubernetes Component + type: string + type: object + exposeMetrics: + description: |- + ExposeEtcdMetrics defines the policy for ETCD Metrics exposure. + if value is true, ETCD metrics will be exposed + if value is false, ETCD metrics will NOT be exposed + type: boolean + type: object + kubeAPIServer: + description: KubeAPIServer defines optional custom configuration + of the Kube API Server. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' 
+ items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeControllerManager: + description: KubeControllerManager defines optional custom + configuration of the Kube Controller Manager. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. + type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + kubeScheduler: + description: KubeScheduler defines optional custom configuration + of the Kube Scheduler. + properties: + extraArgs: + description: 'ExtraArgs is a list of command line + arguments (format: flag=value) to pass to a Kubernetes + Component command.' + items: + type: string + type: array + extraEnv: + additionalProperties: + type: string + description: ExtraEnv is a map of environment variables + to pass on to a Kubernetes Component command. 
+ type: object + extraMounts: + additionalProperties: + type: string + description: ExtraMounts is a map of volume mounts + to be added for the Kubernetes component StaticPod + type: object + overrideImage: + description: OverrideImage is a string that references + a container image to override the default one for + the Kubernetes Component + type: string + type: object + pauseImage: + description: PauseImage Override image to use for pause. + type: string + serviceNodePortRange: + description: 'ServiceNodePortRange is the port range to + reserve for services with NodePort visibility (default: + "30000-32767").' + type: string + tlsSan: + description: TLSSan Add additional hostname or IP as a + Subject Alternative Name in the TLS cert. + items: + type: string + type: array + type: object + version: + description: |- + Version defines the desired Kubernetes version. + This field takes precedence over RKE2ConfigSpec.AgentConfig.Version (which is deprecated). + pattern: (v\d\.\d{2}\.\d+\+rke2r\d)|^$ + type: string + required: + - infrastructureRef + - rolloutStrategy + type: object + required: + - spec + type: object + required: + - template + type: object + status: + description: Status is the current state of the control plane. + properties: + availableServerIPs: + description: AvailableServerIPs is a list of the Control Plane IP + adds that can be used to register further nodes. + items: + type: string + type: array + conditions: + description: Conditions defines current service state of the RKE2Config. + items: + description: Condition defines an observation of a Cluster API resource + operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: |- + Type of condition in CamelCase or in foo.example.com/CamelCase. + Many .condition.type values are consistent across resources like Available, but because arbitrary conditions + can be useful (see .node.status.conditions), the ability to deconflict is important. + type: string + required: + - lastTransitionTime + - status + - type + type: object + type: array + dataSecretName: + description: DataSecretName is the name of the secret that stores + the bootstrap data script. + type: string + failureMessage: + description: FailureMessage will be set on non-retryable errors. + type: string + failureReason: + description: FailureReason will be set on non-retryable errors. + type: string + initialized: + description: Initialized indicates the target cluster has completed + initialization. + type: boolean + observedGeneration: + description: ObservedGeneration is the latest generation observed + by the controller. + format: int64 + type: integer + ready: + description: Ready indicates the BootstrapData field is ready to be + consumed. + type: boolean + readyReplicas: + description: ReadyReplicas is the number of replicas current attached + to this ControlPlane Resource and that have Ready Status. 
+ format: int32 + type: integer + replicas: + description: Replicas is the number of replicas current attached to + this ControlPlane Resource. + format: int32 + type: integer + unavailableReplicas: + description: UnavailableReplicas is the number of replicas current + attached to this ControlPlane Resource and that are up-to-date with + Control Plane config. + format: int32 + type: integer + updatedReplicas: + description: UpdatedReplicas is the number of replicas current attached + to this ControlPlane Resource and that are up-to-date with Control + Plane config. + format: int32 + type: integer + version: + description: |- + Version represents the minimum Kubernetes version for the control plane machines + in the cluster. + type: string + type: object + type: object + served: true + storage: true + --- + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-manager + namespace: rke2-control-plane-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: Role + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-leader-election-role + namespace: rke2-control-plane-system + rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + --- + aggregationRule: + clusterRoleSelectors: + - matchLabels: + rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-aggregated-manager-role + rules: [] + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + 
cluster.x-k8s.io/provider: control-plane-rke2 + rke2.controlplane.cluster.x-k8s.io/aggregate-to-manager: "true" + name: rke2-control-plane-manager-role + rules: + - apiGroups: + - "" + resources: + - configmaps + - events + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create + - apiGroups: + - bootstrap.cluster.x-k8s.io + resources: + - rke2configs + verbs: + - create + - delete + - get + - list + - patch + - watch + - apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machinepools + - machinepools/status + - machines + - machines/status + - machinesets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rke2controlplanes + verbs: + - create + - delete + - get + - list + - patch + - update + - watch + - apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rke2controlplanes/finalizers + verbs: + - update + - apiGroups: + - controlplane.cluster.x-k8s.io + resources: + - rke2controlplanes/status + verbs: + - get + - patch + - update + - apiGroups: + - infrastructure.cluster.x-k8s.io + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-leader-election-rolebinding + namespace: rke2-control-plane-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: rke2-control-plane-leader-election-role + subjects: + - kind: ServiceAccount + name: rke2-control-plane-manager + namespace: rke2-control-plane-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + 
cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-manager-rolebinding + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: rke2-control-plane-aggregated-manager-role + subjects: + - kind: ServiceAccount + name: rke2-control-plane-manager + namespace: rke2-control-plane-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + spec: + ports: + - port: 443 + targetPort: webhook-server + selector: + cluster.x-k8s.io/provider: control-plane-rke2 + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + name: rke2-control-plane-controller-manager + namespace: rke2-control-plane-system + spec: + replicas: 1 + selector: + matchLabels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: manager + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + control-plane: controller-manager + spec: + containers: + - args: + - --leader-elect + - --diagnostics-address=${CAPRKE2_DIAGNOSTICS_ADDRESS:=:8443} + - --insecure-diagnostics=${CAPRKE2_INSECURE_DIAGNOSTICS:=false} + command: + - /manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_UID + valueFrom: + fieldRef: + fieldPath: metadata.uid + image: ghcr.io/rancher/cluster-api-provider-rke2-controlplane:v0.6.1 + imagePullPolicy: IfNotPresent + livenessProbe: + httpGet: + path: /healthz + port: healthz + name: manager + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + - containerPort: 8443 + name: metrics + protocol: TCP + 
readinessProbe: + httpGet: + path: /readyz + port: healthz + resources: + limits: + cpu: 500m + memory: 256Mi + requests: + cpu: 10m + memory: 64Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + runAsGroup: 65532 + runAsUser: 65532 + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + serviceAccountName: rke2-control-plane-manager + terminationGracePeriodSeconds: 10 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + volumes: + - name: cert + secret: + secretName: rke2-control-plane-webhook-service-cert + --- + apiVersion: cert-manager.io/v1 + kind: Certificate + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-serving-cert + namespace: rke2-control-plane-system + spec: + dnsNames: + - rke2-control-plane-webhook-service.rke2-control-plane-system.svc + - rke2-control-plane-webhook-service.rke2-control-plane-system.svc.cluster.local + issuerRef: + kind: Issuer + name: rke2-control-plane-selfsigned-issuer + secretName: rke2-control-plane-webhook-service-cert + subject: + organizations: + - Rancher by SUSE + --- + apiVersion: cert-manager.io/v1 + kind: Issuer + metadata: + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-selfsigned-issuer + namespace: rke2-control-plane-system + spec: + selfSigned: {} + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-mutating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: 
rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane + failurePolicy: Fail + name: mrke2controlplane.kb.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2controlplanes + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /mutate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate + failurePolicy: Fail + name: mrke2controlplanetemplate.kb.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2controlplanetemplates + sideEffects: None + --- + apiVersion: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + metadata: + annotations: + cert-manager.io/inject-ca-from: rke2-control-plane-system/rke2-control-plane-serving-cert + labels: + cluster.x-k8s.io/provider: control-plane-rke2 + name: rke2-control-plane-validating-webhook-configuration + webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplane + failurePolicy: Fail + name: vrke2controlplane.kb.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2controlplanes + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: rke2-control-plane-webhook-service + namespace: rke2-control-plane-system + path: /validate-controlplane-cluster-x-k8s-io-v1beta1-rke2controlplanetemplate + failurePolicy: Fail + name: vrke2controlplanetemplate.kb.io + rules: + - apiGroups: + - controlplane.cluster.x-k8s.io + apiVersions: + - 
v1beta1 + operations: + - CREATE + - UPDATE + resources: + - rke2controlplanetemplates + sideEffects: None + metadata: | + # maps release series of major.minor to cluster-api contract version + # the contract version may change between minor or major versions, but *not* + # between patch versions. + # + # update this file only when a new major or minor version is released + apiVersion: clusterctl.cluster.x-k8s.io/v1alpha3 + kind: Metadata + releaseSeries: + - major: 0 + minor: 1 + contract: v1beta1 + - major: 0 + minor: 2 + contract: v1beta1 + - major: 0 + minor: 3 + contract: v1beta1 + - major: 0 + minor: 4 + contract: v1beta1 + - major: 0 + minor: 5 + contract: v1beta1 + - major: 0 + minor: 6 + contract: v1beta1 +kind: ConfigMap +metadata: + creationTimestamp: null + name: v0.6.1 + namespace: rke2-control-plane-system + labels: + provider-components: rke2-control-plane diff --git a/packages/rancher-turtles-airgap-resources/package.yaml b/packages/rancher-turtles-airgap-resources/package.yaml new file mode 100644 index 00000000..be2ca60e --- /dev/null +++ b/packages/rancher-turtles-airgap-resources/package.yaml @@ -0,0 +1,2 @@ +url: local +version: 0.3.0 diff --git a/scripts/turtles_airgap_cms.sh b/scripts/turtles_airgap_cms.sh index 6d91f722..67e3ef15 100755 --- a/scripts/turtles_airgap_cms.sh +++ b/scripts/turtles_airgap_cms.sh @@ -9,12 +9,7 @@ CAPI_CAPM3_VERSION="${CAPI_CAPM3_VERSION:-"1.7.1"}" CAPI_RKE2_VERSION="${CAPI_RKE2_VERSION:-"0.6.1"}" SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -PACKAGE_CHARTS_DIR="../packages/rancher-turtles/charts/templates" -if [ ! -d ${SCRIPTDIR}/${PACKAGE_CHARTS_DIR} ]; then - echo "Error ${PACKAGE_CHARTS_DIR} not found!" - echo "Run PACKAGE=rancher-turtles make prepare" - exit 1 -fi +PACKAGE_CHARTS_DIR="../packages/rancher-turtles-airgap-resources/chart/templates" # FIXME could use TMPDIR perhaps CAPI_TMPDIR="${CAPI_TMPDIR:-/tmp/turtles_airgap_cms}"
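Review bot: `version: 0.3.0` in this new package.yaml disagrees with `version: 0.2.0` in the `chart/Chart.yaml` added by the same commit, so the chart carries two version numbers. If the packaging tooling overrides the chart version from package.yaml (not visible in this diff), the committed Chart.yaml value is stale. Either align the two or state which file is authoritative, for example with a comment such as `# version overrides chart/Chart.yaml at package time`. For a chart whose only payload is provider manifests for air-gapped installs, the chart version is likely what an operator checks to confirm which manifests were shipped, so it should be unambiguous.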
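Review bot: The `-d` guard on `${SCRIPTDIR}/${PACKAGE_CHARTS_DIR}` is removed without a replacement, so a missing or mistyped templates path is no longer caught before the script starts generating ConfigMaps. Keeping the check with the new path and quoting the expansion would fail early: `[ -d "${SCRIPTDIR}/${PACKAGE_CHARTS_DIR}" ] || { echo "Error ${PACKAGE_CHARTS_DIR} not found!" >&2; exit 1; }`. The context line `CAPI_TMPDIR="${CAPI_TMPDIR:-/tmp/turtles_airgap_cms}"` still defaults to a fixed name under /tmp, which the FIXME already flags. If the files staged there end up in the chart, a directory created with `mktemp -d` would stop another local user on the build host from pre-creating it. The rest of the script is outside the hunk, so how either path is used later is not visible here.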