diff --git a/cluster/addons.go b/cluster/addons.go index ec37fa81..457d8239 100644 --- a/cluster/addons.go +++ b/cluster/addons.go @@ -43,6 +43,7 @@ const ( CoreDNSProvider = "coredns" KubeDNSProvider = "kube-dns" + Nodelocal = "nodelocal" ) var DNSProviders = []string{KubeDNSProvider, CoreDNSProvider} @@ -101,6 +102,16 @@ type KubeDNSOptions struct { LinearAutoscalerParams string } +type NodelocalOptions struct { + RBACConfig string + NodelocalImage string + ClusterDomain string + ClusterDNSServer string + IPAddress string + NodeSelector map[string]string + UpdateStrategy *appsv1.DaemonSetUpdateStrategy +} + type addonError struct { err string isCritical bool @@ -329,7 +340,7 @@ func (c *Cluster) deployCoreDNS(ctx context.Context, data map[string]interface{} if err := c.doAddonDeploy(ctx, coreDNSYaml, getAddonResourceName(c.DNS.Provider), false); err != nil { return err } - log.Infof(ctx, "[addons] CoreDNS deployed successfully..") + log.Infof(ctx, "[addons] CoreDNS deployed successfully") return nil } @@ -587,7 +598,6 @@ func (c *Cluster) deployDNS(ctx context.Context, data map[string]interface{}) er log.Warnf(ctx, "Failed to deploy addon execute job [%s]: %v", getAddonResourceName(c.DNS.Provider), err) } log.Infof(ctx, "[dns] DNS provider %s deployed successfully", c.DNS.Provider) - return nil case CoreDNSProvider: if err := c.deployCoreDNS(ctx, data); err != nil { if err, ok := err.(*addonError); ok && err.isCritical { @@ -596,11 +606,62 @@ func (c *Cluster) deployDNS(ctx context.Context, data map[string]interface{}) er log.Warnf(ctx, "Failed to deploy addon execute job [%s]: %v", getAddonResourceName(c.DNS.Provider), err) } log.Infof(ctx, "[dns] DNS provider %s deployed successfully", c.DNS.Provider) - return nil case "none": return nil default: log.Warnf(ctx, "[dns] No valid DNS provider configured: %s", c.DNS.Provider) return nil } + // Check for nodelocal DNS + if c.DNS.Nodelocal == nil { + AddonJobExists, err := addons.AddonJobExists(getAddonResourceName(Nodelocal)+"-deploy-job", c.LocalKubeConfigPath, c.K8sWrapTransport) + if err != nil { + return err + } + if AddonJobExists { + log.Infof(ctx, "[dns] removing %s", Nodelocal) + if err := c.doAddonDelete(ctx, getAddonResourceName(Nodelocal), false); err != nil { + return err + } + + log.Infof(ctx, "[dns] %s removed successfully", Nodelocal) + return nil + } + } + if c.DNS.Nodelocal != nil && c.DNS.Nodelocal.IPAddress != "" { + if err := c.deployNodelocal(ctx, data); err != nil { + if err, ok := err.(*addonError); ok && err.isCritical { + return err + } + log.Warnf(ctx, "Failed to deploy addon execute job [%s]: %v", getAddonResourceName(Nodelocal), err) + } + return nil + } + return nil +} + +func (c *Cluster) deployNodelocal(ctx context.Context, data map[string]interface{}) error { + log.Infof(ctx, "[dns] Setting up %s", Nodelocal) + NodelocalConfig := NodelocalOptions{ + NodelocalImage: c.SystemImages.Nodelocal, + RBACConfig: c.Authorization.Mode, + ClusterDomain: c.ClusterDomain, + ClusterDNSServer: c.ClusterDNSServer, + IPAddress: c.DNS.Nodelocal.IPAddress, + NodeSelector: c.DNS.Nodelocal.NodeSelector, + UpdateStrategy: c.DNS.Nodelocal.UpdateStrategy, + } + tmplt, err := templates.GetVersionedTemplates(kdm.Nodelocal, data, c.Version) + if err != nil { + return err + } + nodelocalYaml, err := templates.CompileTemplateFromMap(tmplt, NodelocalConfig) + if err != nil { + return err + } + if err := c.doAddonDeploy(ctx, nodelocalYaml, getAddonResourceName(Nodelocal), false); err != nil { + return err + } + log.Infof(ctx, "[dns] %s deployed successfully", Nodelocal) + return nil } diff --git a/cluster/cluster.go b/cluster/cluster.go index 0a7287b7..ecb60aff 100644 --- a/cluster/cluster.go +++ b/cluster/cluster.go @@ -108,6 +108,7 @@ const ( monitoringAddon = "monitoring" dnsAddon = "dns" networkAddon = "network" + nodelocalAddon = "nodelocal" ) func (c *Cluster) DeployControlPlane(ctx context.Context, svcOptionData map[string]*v3.KubernetesServicesOptions, reconcileCluster bool) (string, error) { @@ -420,9 +421,16 @@ func parseAddonConfig(clusterFile string, rkeConfig *v3.RancherKubernetesEngineC networkAddon: daemonsetType, monitoringAddon: deploymentType, dnsAddon: deploymentType, + nodelocalAddon: daemonsetType, } for addonName, addonType := range addonsResourceType { - updateStrategyField := values.GetValueN(r, addonName, "update_strategy") + var updateStrategyField interface{} + // nodelocal is a field under dns + if addonName == nodelocalAddon { + updateStrategyField = values.GetValueN(r, "dns", addonName, "update_strategy") + } else { + updateStrategyField = values.GetValueN(r, addonName, "update_strategy") + } if updateStrategyField == nil { continue } @@ -437,6 +445,8 @@ func parseAddonConfig(clusterFile string, rkeConfig *v3.RancherKubernetesEngineC rkeConfig.Ingress.UpdateStrategy = updateStrategy case networkAddon: rkeConfig.Network.UpdateStrategy = updateStrategy + case nodelocalAddon: + rkeConfig.DNS.Nodelocal.UpdateStrategy = updateStrategy } case deploymentType: updateStrategy, err := parseDeploymentUpdateStrategy(updateStrategyField) diff --git a/cluster/defaults.go b/cluster/defaults.go index c747f594..ee0695ae 100644 --- a/cluster/defaults.go +++ b/cluster/defaults.go @@ -453,6 +453,7 @@ func (c *Cluster) setClusterImageDefaults() error { &c.SystemImages.Ingress: d(imageDefaults.Ingress, privRegURL), &c.SystemImages.IngressBackend: d(imageDefaults.IngressBackend, privRegURL), &c.SystemImages.MetricsServer: d(imageDefaults.MetricsServer, privRegURL), + &c.SystemImages.Nodelocal: d(imageDefaults.Nodelocal, privRegURL), // this's a stopgap, we could drop this after https://github.com/kubernetes/kubernetes/pull/75618 merged &c.SystemImages.WindowsPodInfraContainer: d(imageDefaults.WindowsPodInfraContainer, privRegURL), } diff --git a/cluster/plan.go b/cluster/plan.go index b976695e..8b34184b 100644 --- a/cluster/plan.go +++ b/cluster/plan.go @@ -571,6 +571,11 @@ func (c *Cluster) BuildKubeletProcess(host *hosts.Host, prefixPath string, servi } } + // If nodelocal DNS is configured, set cluster-dns to local IP + if c.DNS.Nodelocal != nil && c.DNS.Nodelocal.IPAddress != "" { + CommandArgs["cluster-dns"] = c.DNS.Nodelocal.IPAddress + } + for arg, value := range CommandArgs { cmd := fmt.Sprintf("--%s=%s", arg, value) Command = append(Command, cmd) diff --git a/cluster/validation.go b/cluster/validation.go index 9561d349..a9a5d503 100644 --- a/cluster/validation.go +++ b/cluster/validation.go @@ -2,6 +2,7 @@ package cluster import ( "context" + "errors" "fmt" "strings" @@ -122,16 +123,16 @@ func validateServicesOptions(c *Cluster) error { // Validate external etcd information if len(c.Services.Etcd.ExternalURLs) > 0 { if len(c.Services.Etcd.CACert) == 0 { - return fmt.Errorf("External CA Certificate for etcd can't be empty") + return errors.New("External CA Certificate for etcd can't be empty") } if len(c.Services.Etcd.Cert) == 0 { - return fmt.Errorf("External Client Certificate for etcd can't be empty") + return errors.New("External Client Certificate for etcd can't be empty") } if len(c.Services.Etcd.Key) == 0 { - return fmt.Errorf("External Client Key for etcd can't be empty") + return errors.New("External Client Key for etcd can't be empty") } if len(c.Services.Etcd.Path) == 0 { - return fmt.Errorf("External etcd path can't be empty") + return errors.New("External etcd path can't be empty") } } @@ -147,10 +148,10 @@ func validateEtcdBackupOptions(c *Cluster) error { if c.Services.Etcd.BackupConfig != nil { if c.Services.Etcd.BackupConfig.S3BackupConfig != nil { if len(c.Services.Etcd.BackupConfig.S3BackupConfig.Endpoint) == 0 { - return fmt.Errorf("etcd s3 backup backend endpoint can't be empty") + return errors.New("etcd s3 backup backend endpoint can't be empty") } if len(c.Services.Etcd.BackupConfig.S3BackupConfig.BucketName) == 0 { - return fmt.Errorf("etcd s3 backup backend bucketName can't be empty") + return errors.New("etcd s3 backup backend bucketName can't be empty") } if len(c.Services.Etcd.BackupConfig.S3BackupConfig.CustomCA) != 0 { if isValid, err := pki.IsValidCertStr(c.Services.Etcd.BackupConfig.S3BackupConfig.CustomCA); !isValid { @@ -188,10 +189,10 @@ func ValidateHostCount(c *Cluster) error { } return fmt.Errorf("Cluster must have at least one etcd plane host: failed to connect to the following etcd host(s) %v", failedEtcdHosts) } - return fmt.Errorf("Cluster must have at least one etcd plane host: please specify one or more etcd in cluster config") + return errors.New("Cluster must have at least one etcd plane host: please specify one or more etcd in cluster config") } if len(c.EtcdHosts) > 0 && len(c.Services.Etcd.ExternalURLs) > 0 { - return fmt.Errorf("Cluster can't have both internal and external etcd") + return errors.New("Cluster can't have both internal and external etcd") } return nil } @@ -255,25 +256,25 @@ func validateSystemImages(c *Cluster) error { func validateKubernetesImages(c *Cluster) error { if len(c.SystemImages.Etcd) == 0 { - return fmt.Errorf("etcd image is not populated") + return errors.New("etcd image is not populated") } if len(c.SystemImages.Kubernetes) == 0 { - return fmt.Errorf("kubernetes image is not populated") + return errors.New("kubernetes image is not populated") } if len(c.SystemImages.PodInfraContainer) == 0 { - return fmt.Errorf("pod infrastructure container image is not populated") + return errors.New("pod infrastructure container image is not populated") } if len(c.SystemImages.Alpine) == 0 { - return fmt.Errorf("alpine image is not populated") + return errors.New("alpine image is not populated") } if len(c.SystemImages.NginxProxy) == 0 { - return fmt.Errorf("nginx proxy image is not populated") + return errors.New("nginx proxy image is not populated") } if len(c.SystemImages.CertDownloader) == 0 { - return fmt.Errorf("certificate downloader image is not populated") + return errors.New("certificate downloader image is not populated") } if len(c.SystemImages.KubernetesServicesSidecar) == 0 { - return fmt.Errorf("kubernetes sidecar image is not populated") + return errors.New("kubernetes sidecar image is not populated") } return nil } @@ -282,40 +283,40 @@ func validateNetworkImages(c *Cluster) error { // check network provider images if c.Network.Plugin == FlannelNetworkPlugin { if len(c.SystemImages.Flannel) == 0 { - return fmt.Errorf("flannel image is not populated") + return errors.New("flannel image is not populated") } if len(c.SystemImages.FlannelCNI) == 0 { - return fmt.Errorf("flannel cni image is not populated") + return errors.New("flannel cni image is not populated") } } else if c.Network.Plugin == CanalNetworkPlugin { if len(c.SystemImages.CanalNode) == 0 { - return fmt.Errorf("canal image is not populated") + return errors.New("canal image is not populated") } if len(c.SystemImages.CanalCNI) == 0 { - return fmt.Errorf("canal cni image is not populated") + return errors.New("canal cni image is not populated") } if len(c.SystemImages.CanalFlannel) == 0 { - return fmt.Errorf("flannel image is not populated") + return errors.New("flannel image is not populated") } } else if c.Network.Plugin == CalicoNetworkPlugin { if len(c.SystemImages.CalicoCNI) == 0 { - return fmt.Errorf("calico cni image is not populated") + return errors.New("calico cni image is not populated") } if len(c.SystemImages.CalicoCtl) == 0 { - return fmt.Errorf("calico ctl image is not populated") + return errors.New("calico ctl image is not populated") } if len(c.SystemImages.CalicoNode) == 0 { - return fmt.Errorf("calico image is not populated") + return errors.New("calico image is not populated") } if len(c.SystemImages.CalicoControllers) == 0 { - return fmt.Errorf("calico controllers image is not populated") + return errors.New("calico controllers image is not populated") } } else if c.Network.Plugin == WeaveNetworkPlugin { if len(c.SystemImages.WeaveCNI) == 0 { - return fmt.Errorf("weave cni image is not populated") + return errors.New("weave cni image is not populated") } if len(c.SystemImages.WeaveNode) == 0 { - return fmt.Errorf("weave image is not populated") + return errors.New("weave image is not populated") } } return nil @@ -325,25 +326,28 @@ func validateDNSImages(c *Cluster) error { // check dns provider images if c.DNS.Provider == "kube-dns" { if len(c.SystemImages.KubeDNS) == 0 { - return fmt.Errorf("kubedns image is not populated") + return errors.New("kubedns image is not populated") } if len(c.SystemImages.DNSmasq) == 0 { - return fmt.Errorf("dnsmasq image is not populated") + return errors.New("dnsmasq image is not populated") } if len(c.SystemImages.KubeDNSSidecar) == 0 { - return fmt.Errorf("kubedns sidecar image is not populated") + return errors.New("kubedns sidecar image is not populated") } if len(c.SystemImages.KubeDNSAutoscaler) == 0 { - return fmt.Errorf("kubedns autoscaler image is not populated") + return errors.New("kubedns autoscaler image is not populated") } } else if c.DNS.Provider == "coredns" { if len(c.SystemImages.CoreDNS) == 0 { - return fmt.Errorf("coredns image is not populated") + return errors.New("coredns image is not populated") } if len(c.SystemImages.CoreDNSAutoscaler) == 0 { - return fmt.Errorf("coredns autoscaler image is not populated") + return errors.New("coredns autoscaler image is not populated") } } + if c.DNS.Nodelocal != nil && len(c.SystemImages.Nodelocal) == 0 { + return errors.New("nodelocal image is not populated") + } return nil } @@ -351,7 +355,7 @@ func validateMetricsImages(c *Cluster) error { // checl metrics server image if c.Monitoring.Provider != "none" { if len(c.SystemImages.MetricsServer) == 0 { - return fmt.Errorf("metrics server images is not populated") + return errors.New("metrics server images is not populated") } } return nil @@ -361,10 +365,10 @@ func validateIngressImages(c *Cluster) error { // check ingress images if c.Ingress.Provider != "none" { if len(c.SystemImages.Ingress) == 0 { - return fmt.Errorf("ingress image is not populated") + return errors.New("ingress image is not populated") } if len(c.SystemImages.IngressBackend) == 0 { - return fmt.Errorf("ingress backend image is not populated") + return errors.New("ingress backend image is not populated") } } return nil diff --git a/data/bindata.go b/data/bindata.go index 3d3b8c1c..473b28ef 100644 --- a/data/bindata.go +++ b/data/bindata.go @@ -77,7 +77,7 @@ func (fi bindataFileInfo) Sys() interface{} { return nil } -var _dataDataJson = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\xbd\x7b\x53\xdc\xba\xf6\x26\xfc\xff\xfe\x14\xaa\xce\x99\xda\x33\xbf\xc2\x7d\xe1\x16\xc2\x54\xea\x2d\x36\x90\xa4\x2b\x09\x30\x40\x92\x39\x75\x38\x45\x09\x5b\x74\x7b\x70\x4b\xde\x96\x4d\xc2\x61\x32\x9f\xfd\x2d\x5d\x6c\xcb\xd7\xb6\xfb\x06\x0d\xab\x4f\xd5\xd9\xc1\xd6\xdd\xd2\xb3\x96\x96\xd6\x7a\xf4\xf8\x07\xea\x7c\xde\xe3\xdf\x49\xc0\x5d\x46\x2f\x48\x70\xef\xda\xe4\xd4\x0f\x5d\x46\x79\x67\x1f\x3d\xfe\x81\x50\xe7\x7e\xd0\x1d\xf4\xf5\x1f\xa8\x43\x42\xdb\xe9\xec\x23\x1a\x79\xde\x86\x7c\x70\x17\xdd\x10\xec\xbb\x71\x02\xd4\xc1\x9e\xc7\x7e\x5a\x7e\xe0\xde\xbb\x1e\x19\x11\x91\xba\x13\x06\x11\xe9\x6c\xe8\xf7\x94\xd1\x87\x09\x8b\xb8\x85\xa3\x70\x2c\xde\xde\x62\x8f\x27\xaf\x6f\x5c\xea\x58\xd8\x71\x02\xc2\x45\x13\x3a\xfd\xae\xfc\x5f\xfc\x9a\x50\x7c\xe3\x11\x0b\x3b\x13\x97\x8b\x36\x5b\xbe\x17\x8d\x5c\xd9\xda\xce\x09\x9e\x10\xee\x63\x9b\x7c\x71\x6f\x89\xfd\x60\x7b\x64\xe3\x8b\x3b\x71\xc3\x73\x4c\x47\x24\xd8\xd0\xdd\x3b\xb0\x6d\x16\xd1\x70\xe3\x88\xdc\xe2\xc8\x0b\x2f\x42\x16\xe0\x11\x39\xf4\x30\xe7\xf1\xb3\x4b\xe6\x91\x00\x87\x72\x48\x6c\x46\x1d\xbe\xf1\x35\x0a\x71\xe8\xd2\xd1\x41\x5c\xef\x0f\x72\x33\x66\xec\x6e\xe3\x3b\xf6\x5c\xa7\xfc\xd5\x39\xe1\x2c\x0a\x6c\xf2\xbf\x22\x16\xe2\x8d\x13\xe6\x90\x73\xc2\xc3\xc0\xb5\x45\xc1\x71\x7f\x5c\xca\x89\x1d\x05\xc4\xf2\x59\x10\xca\xfe\xc6\x6f\xc4\xc0\x7a\x24\xb4\xfc\x80\xdc\x92\x20\x20\xc9\xa8\x58\xe1\x83\x4f\x64\x87\x87\x34\x24\x01\xc5\xde\xf0\x6c\xe3\xf8\x57\xf2\xcf\x4f\x8c\x87\x14\x4f\x92\x11\xf5\x03\x76\xeb\x7a\x2e\x1d\x15\xc6\x3a\x20\x7f\x47\x84\x87\x63\x82\x1d\x12\x58\xe4\x57\x18\x60\x4b\xfd\xc1\x65\xb5\xee\x2f\x91\xe5\x7f\x5b\xe7\x64\xc2\x42\x62\x1d\xcb\x04\xe5\x99\x47\x01\x8b\xfc\x38\x73\x26\xd7\x47\xf1\xa6\x3c\x53\xc4\x45\x9b\x27\xa4\x34\xdf\x37\x4e\x82\x24\x5b\x44\x43\x77\x42\x2c\x9b\xd1\x5b\x57\xf6\x43\xcc\x1d\x16\xb8\xff\x91\x5f\xa9\x7b\xb7\xc7\xbb\x2e\xeb\xdd\x0f\x6e\x48\x88\x07\xef\xcd\xe9\x96\x1b\xde\xdd\xed\xed\xad\xf4\x95\x9c\x10\x16\x56\x33\xc2\xf2\x18\xbb\x8b\xfc\xfc\x7c\xe5\x6a\x82\x58\x37\xd8\xbe\x23\x54\x4e\x67\xb1\x08\x92\x52\x42\x8f\x5b\xb6\xeb\x8f\x49\x60\xf1\xc8\x0d\xd5\x97\xb9\xfc\x72\x71\x7d\x7c\x78\xf4\xe9\x58\xfc\xff\xc5\xc1\xf5\x8f\xe1\xe5\xa7\xeb\x83\xe3\x8b\xeb\xc1\xe6\xde\xf5\xc7\xc3\xaf\xd7\x17\x9f\x0e\x36\x77\x76\x37\x2a\xd3\x6d\xee\xec\xc6\xe9\xb6\xf6\xb6\xcb\xd3\x1d\x7e\x3a\x38\xfc\x74\xb0\xd9\xbf\x3e\x3b\xfd\xf2\xcf\xc1\x56\x7f\xc7\x48\x76\xde\xa8\xd2\xf3\x46\x55\x9e\x57\x56\xd8\x11\x43\xf0\x3b\x05\x02\x8f\x84\x06\x10\x54\x2e\xe2\x39\x21\x42\x3c\x24\x34\x74\x6d\xf9\xf1\xad\x90\xdd\x11\x6a\xfd\x54\xab\xae\x50\x94\x39\x4f\xac\x09\x73\x88\x48\xa1\x97\x68\x9c\xc8\x96\xb3\x97\x5b\x3e\x09\xac\xbf\x99\xfa\x80\x46\x19\x36\x75\xad\x1b\x97\x5a\x8e\x1b\x88\x57\x3d\xe6\x87\x3d\x9b\xba\xbd\x1b\x97\x9a\x49\xc4\xe4\x4c\xd2\x90\xd0\x96\x69\x28\x09\xbb\x4e\x0a\x5e\xb7\x2c\xb0\x89\x45\x99\x43\x2c\x31\x08\x36\x0e\x05\x9c\x89\x1c\x49\x9a\x7b\x42\x43\xeb\x6f\x9f\x67\xc0\x60\x82\xef\x88\xe5\xfa\x32\x35\xb7\xa2\xd0\xf5\x2c\x7b\x8c\x35\xee\x99\xfd\xa5\x24\xfc\xc9\x82\x3b\x0d\x8b\xe2\xad\x4d\xdd\x74\xf5\x61\xc7\x62\xd4\x7b\x28\xa2\x4d\x40\x38\xf3\xee\x65\x1f\x92\xf6\xab\x67\x5d\xf9\x2c\x59\x0c\x01\xc1\x13\x97\x8e\x44\x4a\x4a\x24\x94\x59\xae\xe3\x11\x4b\xac\x4f\x16\xc9\x42\xb7\xfa\x13\x58\x1c\xfd\x9d\x78\x0c\xee\x45\x9f\x37\x93\xbf\x98\x17\x4d\x88\xfe\x3e\xc9\x74\xb9\xc7\x41\xcf\x73\x6f\x7a\x7a\x11\xf5\x54\xaa\x58\xb6\xe5\x56\x99\x1f\xb0\x5f\x0f\xe9\x3a\x1b\x13\xec\x85\xe3\xff\x58\x79\xc9\x39\xd8\x7c\x2b\x97\xdd\x20\xd7\x90\x5c\x69\x87\x8c\x86\x01\xf3\x3c\x12\x34\x5d\xba\x36\x0e\xf5\x1c\xb6\x5d\x27\x28\x4c\x41\xb5\xba\x23\x1a\xe2\xd1\x88\x38\x96\xed\xb1\xa8\xb0\xc2\x15\x90\x0b\x60\x96\xaf\xad\x80\x45\x7a\x72\x64\x56\xba\x96\xf6\x63\xc6\x43\x1f\x87\x63\xcb\x0f\xd8\xbd\x2b\x64\xac\x6c\x6c\x36\xad\xa7\xa5\x98\x47\xec\xb0\xb0\x2a\x44\x63\x27\x8c\xba\x21\x13\xa2\x0a\xdb\x44\xac\x75\x97\xc9\x76\x6d\xf7\x79\x22\x2a\x99\x63\x91\x7b\x25\xa1\xcd\x19\xbd\x33\x31\xd2\x54\x8a\xd3\x90\x04\x13\x97\xe2\x90\x38\x96\x28\x68\x64\x5b\xe1\x38\x20\x7c\xcc\x3c\x59\xcf\xa0\xdf\xef\x57\x7f\x0a\x6e\x8f\x89\x13\x35\xfc\x0a\x75\x7d\xad\x6e\x9f\x59\xe9\x1f\xba\x62\xa9\xde\x0d\x40\xbd\x03\xf5\x0e\xd4\x3b\x50\xef\x40\xbd\x03\xf5\x0e\xd4\x3b\x50\xef\x40\xbd\x7b\x49\xea\xdd\x26\xa8\x77\xa0\xde\x81\x7a\x07\xea\x1d\xa8\x77\xa0\xde\x81\x7a\x07\xea\x1d\xa8\x77\x2f\x49\xbd\xdb\x02\xf5\x0e\xd4\x3b\x50\xef\x40\xbd\x03\xf5\x0e\xd4\x3b\x50\xef\x40\xbd\x03\xf5\xee\x25\xa9\x77\xdb\xa0\xde\x2d\x58\xbd\xdb\x38\x0b\x5c\x16\xb8\xe1\x03\xe8\x79\xa0\xe7\xbd\x00\x51\x06\x7a\x1e\xe8\x79\xa0\xe7\x81\x9e\x07\x7a\xde\x5a\xeb\x79\xdd\x41\xdf\x0a\x30\xb5\xc7\x24\x18\x58\x05\x97\x3c\xdd\x1c\xdb\x73\x05\x34\xd9\x24\x08\x13\x5c\xce\x54\x4c\x48\x60\x55\x26\xca\xcd\x3a\xd0\x1d\x41\x77\x04\xdd\xf1\x55\x8b\x47\xd0\x1d\x41\x77\x04\xdd\x11\x74\x47\xd0\x1d\xd7\x5b\x77\x7c\x07\xaa\x23\xa8\x8e\xa0\x3a\x82\xea\x08\xaa\x23\xa8\x8e\xa0\x3a\x3e\xf9\xe2\x00\xd5\x11\x54\xc7\xb5\x50\x1d\x77\xe0\x78\x79\x59\x7a\xde\xc6\x25\x76\x69\x28\xde\xf2\xbf\x1e\x0e\x19\x75\x5c\xf5\x9a\x04\xdc\xe5\x21\xa1\xe1\x77\xb9\xd2\x0f\x3d\xec\x4e\xce\x09\x77\xff\x43\x40\x33\x04\xcd\xf0\x05\x08\xbf\x19\x35\x43\xd0\xfc\x40\xf3\x5b\xff\xc9\x0f\x9a\x1f\x68\x7e\xeb\xa1\xf9\xc1\x81\x33\x68\x93\xa0\x4d\x82\x36\xf9\xcc\x05\x2a\x68\x93\xa0\x4d\xbe\xda\xc9\x0f\xda\x24\x68\x93\x6b\xa2\x4d\xee\xa6\xca\x64\x81\x71\x06\x94\x49\x50\x26\x41\x99\x04\x65\xf2\xc9\xe5\x29\x28\x93\xa0\x4c\xbe\xda\xc9\x0f\xca\x24\x28\x93\x6b\xa2\x4c\xbe\x05\xcb\x24\x28\x93\xa0\x4c\x82\x32\xf9\x9c\xe5\x29\x28\x93\xa0\x4c\xbe\xda\xc9\x0f\xca\x24\x28\x93\x6b\xa2\x4c\x42\x70\x0c\x28\x93\xa0\x4c\x82\x32\xf9\xac\xe5\x29\x28\x93\xa0\x4c\xbe\xda\xc9\x0f\xca\x24\x28\x93\x6b\xa1\x4c\xee\x42\xb8\x0c\x68\x7e\xa0\xf9\x81\xe6\x07\x9a\x1f\x68\x7e\xa0\xf9\x81\xe6\x07\x9a\xdf\x6b\xd1\xfc\xba\x5b\x60\x46\x04\x65\x12\x94\x49\x50\x26\x9f\xb3\x3c\x05\x65\x12\x94\xc9\x57\x3b\xf9\x41\x99\x04\x65\x72\x4d\x94\xc9\x6d\x50\x26\x41\x99\x04\x65\x12\x94\xc9\xe7\x2c\x4f\x41\x99\x04\x65\xf2\xd5\x4e\x7e\x50\x26\x41\x99\x5c\x13\x65\x72\x17\x94\x49\x50\x26\x41\x99\x04\x65\xf2\x39\xcb\x53\x50\x26\x41\x99\x7c\xb5\x93\x1f\x94\x49\x50\x26\xd7\x4f\x99\x04\x1e\x1f\x50\x26\x41\x99\x04\x65\xf2\xf9\xc9\x53\x50\x26\x41\x99\x7c\xb5\x93\x1f\x94\x49\x50\x26\xd7\x44\x99\x04\x1e\x1f\x50\x26\x41\x99\x04\x65\xf2\x59\xcb\x53\x50\x26\x41\x99\x7c\xb5\x93\x1f\x94\x49\x50\x26\xd7\x42\x99\x7c\x3b\xa3\xfe\xa8\x3f\xcf\xfd\x26\x28\x96\xa0\x58\x82\x62\x09\x8a\x25\x28\x96\xa0\x58\x82\x62\x09\x8a\x25\x28\x96\xa0\x58\xde\x0f\xba\xef\xda\x50\xfa\x24\x3a\x99\xad\xe6\x8d\x28\x33\xa7\x74\x4d\x51\xd1\xf2\x5a\xcf\x17\x7c\x43\xbc\x52\x4d\x2d\xab\x5c\x55\xea\x6d\x39\xad\x2b\x3b\x0f\x41\x47\xad\xd7\x51\x41\xd1\x04\x45\xf3\x05\xc8\xda\x19\x15\xcd\xf9\x20\x02\x14\x51\x50\x44\xd7\x61\x71\x80\x22\x0a\x8a\xe8\x73\x56\x44\xff\x90\x75\x77\x3e\xef\xf1\xef\x42\x37\x64\xf4\xfc\xf3\xf1\xc5\x03\x0f\xc9\x64\x38\xc1\x23\xf9\x39\x1e\x63\x23\x68\xbf\x5b\x77\x67\x77\x47\xbf\xea\xd9\x2c\x20\x8c\x5b\xe2\xf1\xfe\xfd\x56\x77\xd0\x1d\xe8\x89\xdf\xc1\x9e\xef\x52\x62\xa6\x0d\xee\x88\x15\x32\xe6\xf1\xfd\xfb\x7e\x77\xd0\xdd\xd6\x09\xe9\xc8\xa5\xbf\xce\xf4\x14\x9f\x96\xd8\x26\x41\x78\xc4\x7e\x52\x8f\x89\x01\x69\x90\x41\xcc\xf8\x80\x92\x90\x70\xad\x0e\xf2\x0b\xd7\x21\x36\x6e\x9a\xd7\x51\x90\x1b\xa7\xbc\xdb\xe3\x96\x43\xb9\x25\x5e\xc9\x7f\xe0\x89\xb3\xbb\xbd\x3f\xe8\x0e\xb6\xbb\x7b\x3a\x9b\x43\xf9\x04\xf3\xbf\xcb\xb2\xe9\x57\x16\xc5\x94\x3e\x94\xe5\xd5\x55\x96\xb4\x31\x2e\x82\xab\x57\x35\x99\x0f\xa2\x90\x71\x1b\x7b\xd9\xf1\xb1\xbd\x88\x87\x24\x10\x4b\x4a\x08\x03\x97\x51\xec\x09\x71\xab\x93\x26\xe5\x25\xb3\xce\x18\x3a\xb3\x9c\xf1\x83\x4f\x02\xf1\x6a\x3f\x3f\x4d\x74\xb6\x5b\x0f\x53\x4a\xbc\x92\x59\xa2\xdf\x88\x41\x7e\xd7\xcd\x25\x3f\xa4\x6e\x75\x0e\xcb\xa6\xae\xc8\xb5\x99\xb4\xcd\xc6\x9e\x6b\xb3\x13\x2d\xde\x93\x5c\xf2\xa9\x84\x2a\x3d\x1b\x33\xc9\xf3\x75\xa8\xd4\xb2\xec\x92\xc4\xa1\x57\x96\x38\xf4\xf6\xef\x37\x8d\x41\xb2\x31\xc5\x5e\x8b\x76\x50\x5c\xe8\x6a\x65\x33\x28\xf6\x3e\xb4\x1b\xcc\x9f\x04\xdf\x93\xb8\x35\xf2\x0f\xa1\x1c\xf0\x9e\xfc\xa7\x9c\xb4\xfb\x9b\xdd\x41\x77\xd3\x4c\xae\x9b\x53\x48\x4d\x7d\x3b\x93\xd8\x67\xce\x90\xde\x06\x58\xc8\x0f\xec\xd2\xec\xec\xf2\x71\xc4\x89\x9e\x43\x5b\x49\x73\x5c\x3a\x8a\x01\x2d\x4e\x28\x57\xbb\xa5\x5f\xc4\x9b\x5b\x8f\x04\xfb\x7d\x31\x99\x36\xe3\xc9\xb4\x95\x2d\xe1\xaf\x54\x17\x9f\x56\x90\xe5\xa8\x3d\x9d\x56\xdf\xf7\xc5\x72\xce\x1c\xef\xf4\xbb\x83\xb8\x96\xcd\xe5\x20\xdb\x5e\x1b\x64\xdb\x6b\x8b\x6c\x7b\x73\x20\xdb\x1e\x20\x5b\x73\x64\x4b\xa7\x09\x20\x1b\x20\xdb\x7a\x20\xdb\x60\xc9\x4a\xdb\x60\xab\x0d\xb6\x25\xa9\x1b\x83\x5b\x92\x63\x16\x74\xcb\x64\x06\x78\x9b\x06\x6f\x03\xd0\xdc\x00\xdf\x16\x83\x6f\xbb\x29\xbe\x0d\x16\x8a\x6f\xaa\xac\x09\x09\x03\xd7\x96\x48\x90\x6d\xbc\x7e\x61\x71\xf9\x46\xf7\x42\x4e\xb7\x41\x01\x1a\x37\x01\x1a\x01\x1a\x1b\x42\x63\x61\x36\x03\x34\x02\x34\xbe\x58\x68\xdc\x5a\xf2\x7e\x78\xd0\x6f\x85\x8c\xfd\xd6\xc8\x58\x5c\xdd\x2d\x90\xb1\x0f\xc8\xd8\x1c\x19\xb7\x60\x4f\x0c\xc0\xb8\x5e\x7b\xe2\x9d\x65\xeb\x7d\x80\x6e\x2f\x05\xdd\x76\x40\xed\x03\x74\x5b\x5b\x74\x2b\x90\xe8\xc0\xae\x16\xd0\x0d\xd0\x0d\xd0\xed\x15\x6e\x6a\x07\xdd\x59\x4e\x42\x36\xbb\x83\xbd\x57\x0d\x8c\x89\xba\x38\x0b\x32\xe6\x75\xcd\x76\xd0\x98\xcf\xbd\x4a\x6c\x34\x67\x0b\x60\x23\x60\xe3\x4b\xc7\xc6\x59\x8e\x42\x00\x1b\x5f\x2b\x36\xc2\x61\x08\x60\xe3\xab\xc4\xc6\xc6\x1b\xea\x56\xd8\xb8\xdb\x0a\x1b\x77\x5b\x63\xe3\xee\x3c\xd8\xb8\x0b\xd8\xb8\x02\x6c\x1c\xa4\xd5\xb4\x01\xc7\xad\xb6\xe0\xb8\xd5\x06\x1c\xb7\x96\x07\x8e\x5b\x2d\xc0\x71\xab\x35\x38\x1a\xa3\x09\xe8\xb8\x64\x74\xac\xbb\x9a\x1a\xd0\x11\xd0\x31\x8b\x8e\x5b\x80\x8e\x80\x8e\xaf\x08\x1d\x67\x39\x6a\x06\x74\x7c\xad\xe8\x38\xdb\x79\x0c\xa0\x23\xa0\xe3\x7a\xa2\x63\xdd\xe5\x81\x0b\x41\xc7\x9d\x56\xe8\xb8\xd3\x1a\x1d\x77\xe6\x41\xc7\x1d\x40\xc7\x56\xe8\xb8\x0b\xe8\x08\xe8\xf8\x8a\xd0\x71\x0f\xd0\x11\xd0\xb1\x31\x3a\xee\x01\x3a\x02\x3a\xbe\x22\x74\x7c\x07\xe8\x08\xe8\xd8\x18\x1d\xdf\x01\x3a\x02\x3a\xbe\x4e\x74\x5c\xca\x99\xf5\x66\x2b\x46\x9b\xcd\xd6\x94\x36\x9b\xf3\x70\xda\x6c\xce\x48\x6a\x03\xe8\x08\xe8\x08\xe8\xf8\xba\xd0\x71\x6b\x39\xa7\x32\xd6\x66\xbb\x73\x99\x24\x7d\x8b\x93\x99\x24\xcf\x6c\x67\x33\x99\xec\x80\x92\x80\x92\x80\x92\x80\x92\x29\x4a\x6e\xce\x44\xf7\xba\xd9\xdd\xdc\x6e\x8e\x92\xed\x30\xb2\x3d\x42\xce\x85\x8f\x33\xa2\xe3\xd6\x3c\xe8\xb8\x35\x17\x3a\x6e\x2d\x07\x1d\xc5\x27\xd6\x23\xa0\xff\xd9\xd3\xff\xdd\x1f\x88\x0f\x9e\x4d\xb6\x4a\x4c\xde\x9c\x91\x6b\x16\x30\x19\x30\x79\x0d\x30\x79\xab\x88\xc9\xb3\xc5\x30\x02\x26\x03\x26\xaf\x0e\x93\x67\x8b\x9c\x04\x4c\x06\x4c\x5e\x53\x4c\x9e\x55\x51\xce\x77\x6c\xfa\x05\x09\xad\x88\x85\xb6\x5b\x13\x0b\x6d\xcf\x43\x2c\xb4\xdd\x82\x58\x68\x46\x5c\x9e\x15\x91\x17\x88\xc5\x55\x28\x6c\x7e\x66\x51\xf3\xa2\xd1\x78\x16\x1c\x9e\x5d\x39\xae\xc8\x98\x83\xa9\x22\x14\xe7\xf3\x01\x26\xcf\x81\xc9\x3b\xd9\xe4\xf5\x98\x9c\x26\x9e\x8e\xc9\x33\xa3\xf1\xe6\x20\xfd\xc4\x0b\xe5\x30\xca\xcf\x9b\x86\xb0\xdc\x00\x90\x5b\x9c\x7e\xcd\x02\xc8\xad\xcc\xbc\xdb\xad\x8d\xbc\xdb\xf3\x98\x78\xb7\x5b\x18\x78\x01\x90\x01\x90\x01\x90\x01\x90\x97\x03\xc8\xb3\xc5\x88\xb6\xb0\x5a\xb4\xf2\x46\x18\xb4\xf6\x46\x18\xcc\xe3\x8d\x30\x98\xd5\x1b\x01\xac\x16\xab\xb4\x5a\x40\x64\xea\xfa\x01\x32\x58\x2d\x66\xb7\x5a\x6c\x2f\x19\x93\x37\xdf\xb6\xc1\xe4\x24\x75\x73\x0f\xb1\xb7\x73\x60\x72\x26\x33\x60\xf2\x73\xc5\xe4\x82\x1a\x02\x98\x0c\x98\xfc\x82\x31\x79\x36\xb6\x00\x38\xdd\x7b\x69\x98\xdc\x0c\x1d\x81\x2d\x60\xfd\xd0\x71\x69\x26\x84\x39\xd1\xd1\x34\x24\xac\x01\x3a\xb6\xb2\xea\x82\xc6\xfa\xb2\xd0\xf1\x39\x6b\xac\x80\xc9\x80\xc9\xaf\x09\x93\x67\x63\x70\x01\x8d\xf5\xa5\x61\x72\x33\x74\x04\x06\x17\x40\xc7\x57\x8a\x8e\xcb\xf5\x43\x78\x31\xaa\xeb\xcb\xf3\x43\x58\x96\x8a\xba\x52\xf8\x05\xf7\x83\x97\x8c\xc4\x2f\xdd\xfd\xe0\x2d\x28\xa9\xa0\xa4\x36\x46\xc9\xb7\xa0\xa4\x02\x34\xbe\x22\x25\xf5\x2d\x28\xa9\xa0\xa4\x3e\x1f\x25\x75\x76\xf8\x05\x25\xf5\x25\x23\xf1\x2b\x52\x52\x5b\x70\xd2\xcc\x02\xc3\x2f\x85\xba\xeb\xe5\xc1\xb0\xf9\x99\x9f\x49\xcc\x02\xc0\x31\xc0\xf1\x2b\x87\xe3\xed\xe5\xd8\x0c\x5e\x32\x45\x18\xd8\x0e\xc0\x76\xf0\xea\x21\xf2\x15\xd8\x0e\x66\x23\xe1\x9e\x41\x69\xdd\xda\x6e\x03\x96\x49\xea\xc6\x50\x99\xe4\x98\x05\x28\x33\x99\x41\x69\x7d\x7a\xa5\x75\x76\xa6\x46\x50\x5a\x5f\x32\x22\xbf\x6c\xa5\x75\x0b\xd8\xc1\xda\x2b\xab\xe9\xf4\x69\xaf\xab\xee\x74\xe7\x60\xb3\x2d\x64\x5e\xa5\xa6\xba\xf5\xac\x49\xba\xb6\x73\xc9\x6b\x01\xa9\x90\x78\x71\xb8\xb8\x9d\x4d\xdd\xb8\x19\x6b\x87\x8b\x2f\x5e\x53\xcd\x40\x23\x04\x0f\xbc\x56\x68\x9c\x72\xe2\xb5\xbb\x00\x6d\x15\x00\x19\x00\x19\x00\xb9\x09\x20\x2f\x9f\x5e\xfc\xc5\x5a\x58\x5f\x1e\x32\x37\xc4\xc8\xe7\x4c\xf7\x0d\x20\x09\x20\xb9\x4c\x90\x04\x26\xc3\xc6\x06\xd6\xf6\xf8\x38\x23\x32\x2e\x0e\x13\x67\xb1\xae\x2e\x42\x5f\x5d\x2d\x0a\xaf\xd4\xbc\x0a\x80\x0c\xe6\xd5\xc5\x9a\x57\x67\xb5\xaf\xb6\x46\xe3\x9d\x7e\x1b\x34\x4e\x52\x37\x46\xe3\x9d\xe2\x8a\x6f\x8e\xc6\x3b\x7d\x40\xe3\x67\x84\xc6\xb3\x1b\x0e\x00\x8d\x01\x8d\x0b\x68\xac\x5e\xf4\xbb\x9b\x3b\x45\x93\xd4\x73\xc4\xe4\x4d\xc0\x64\xc0\xe4\xe7\x86\xc9\x05\xa6\x39\xc0\x64\xc0\xe4\x57\x88\xc9\x9b\x80\xc9\x80\xc9\xcf\x0d\x93\x37\x01\x93\x01\x93\x5f\x1b\x26\x2f\x9b\xee\x1b\x5c\xc3\x5e\xcc\x29\xdb\x73\x66\xdd\x06\x74\x84\x43\xb6\x45\x1f\xb2\x6d\x03\x01\xc2\x0c\x04\x08\x2f\x48\x5b\x5d\x96\x2f\xd8\x4a\xb1\x17\x94\xd4\x97\x0c\xc3\x2f\xfd\x68\x0d\x6e\x3e\x00\xf5\xb4\x21\x44\x3e\x67\x8a\x6d\xc0\x45\x50\x4f\x17\xad\x9e\xce\x7a\xed\x01\xa8\xa7\xa0\x9e\x2e\x5a\x3d\x9d\x1d\x7b\x41\x3d\x7d\xc9\x30\xfc\x8a\xd4\x53\x20\xe7\x7a\x8d\x18\x6c\x7e\xe3\x67\x72\xa0\x05\x58\x0c\x58\xfc\x1a\xb1\x78\x56\x36\xef\xd7\xcd\x39\x03\x58\xbc\x4c\x2c\x5e\x13\x96\x44\xc0\x62\xc0\xe2\x85\x62\xf1\xac\xfc\x5f\x60\xb6\x7d\x75\x66\xdb\xd9\x39\xb9\xc0\x6c\xfb\xe2\x70\xf1\x15\x98\x6d\xdf\xad\x2c\x72\xb7\x95\x0f\xec\x76\x6b\x1f\xd8\xed\x79\x7c\x60\xb7\xc1\x07\xf6\x19\xa9\xa9\x6b\xc2\x8b\x08\x70\x0c\x6a\xea\x02\xd5\xd4\xed\x99\x78\x11\xcb\xe2\xdc\xc1\x7c\xfb\xfc\xb1\x78\xab\xd9\x11\x5a\x3a\xe3\xe7\xc4\xe0\xad\x56\x18\xbc\x3d\x07\xcf\x17\x60\x30\x60\xf0\x0a\x31\xb8\x70\xbe\xb0\x30\x0c\x6e\xac\x0f\x03\x06\xbf\x20\x0c\xae\xd6\x87\x01\x8b\x01\x8b\x01\x8b\x57\x89\xc5\xb3\x70\x2f\xce\x04\xc6\x3b\xad\x68\xc5\x76\x5a\xd3\x8a\xed\xcc\x43\x2b\xb6\xf3\x2a\x68\xc5\xd6\x06\x8c\x9f\x8e\x56\x6c\x67\x75\x68\x9c\x2c\x72\x5e\x92\x49\x4e\xb6\x14\x07\x38\xe0\xf9\x8b\x0e\xf1\x5d\x30\xaa\x6f\xad\x0a\xd4\xc1\x31\x02\x40\xbd\x21\xa8\x6f\x81\x86\x0d\x88\xfc\x0a\x35\xec\x59\xe2\xd9\x66\xc2\x62\x38\xfd\x03\x2c\x6e\x88\xc5\xe0\x30\x0c\x58\xfc\x1a\xb1\x78\x77\x65\x58\x0c\x1c\xea\x80\xc5\xcd\xb0\x78\x17\xb0\x18\xb0\xf8\x15\x62\xf1\x2c\xc1\x1b\xb3\x19\x9e\x5b\xe9\xc5\xc0\x0c\xf9\x8a\xb1\xf8\xe9\x82\x37\x56\x68\x77\x06\x2c\x06\xab\x71\x29\x22\xef\x01\x22\x03\x22\x3f\x33\x44\xde\x03\x44\x06\x44\x06\x44\x6e\xc1\x9e\x3e\x1b\x22\x0f\x5a\x21\xf2\xa0\x35\x22\x0f\xe6\x41\xe4\x01\x20\xf2\x33\x44\xe4\x95\x93\xa7\x03\x22\x03\x22\x3f\x35\x22\xcf\x12\xe6\x0c\x88\x0c\x88\xbc\x4c\x44\x7e\xba\x58\x3e\x40\x64\x40\xe4\x67\x84\xc8\xcb\x8d\x26\x01\x07\x66\x40\x64\x40\x64\x40\x64\x40\xe4\x5a\x44\xde\xe9\xae\x2c\xa4\x04\xbc\x8f\x01\x91\x1b\x21\xf2\x4e\x25\xb0\x4e\x01\x8e\x12\x76\x99\xa5\x7a\x59\xbc\x4d\x88\x67\x1a\x20\x72\x21\x71\xeb\x88\x92\x42\x09\x8b\xc3\x74\xb3\xe8\x69\x98\x9e\x4b\xdb\x0c\xd3\x07\x6d\x31\x7d\xb3\x0d\xa6\x6f\x2e\x1b\xd3\x9f\xab\x9f\xc6\x56\x1e\xcd\x21\x42\x10\x14\xec\x67\x07\xe7\xb3\x46\x08\x2e\x00\xcf\x5b\x69\xd8\x80\xe7\xaf\x05\xcf\x9f\xb7\x8e\x1e\xcb\x97\x9f\x2e\x75\xd8\x4f\x7e\x56\x37\x0a\x62\x80\x3d\x12\x5a\x6a\x34\x94\x2e\x9b\x17\x0a\xb3\x5c\xb5\x0f\x41\x2d\x20\x13\x96\x29\x13\x66\xbc\x69\x1f\x54\x7c\x10\x09\xaf\x5c\xc5\x5f\x59\xb8\x38\x84\xc5\x00\x9a\x37\x44\xf3\x19\xc3\xc5\x01\xcd\x01\xcd\x5f\x39\x9a\xcf\x72\xbf\x3f\xb8\x71\x03\x9a\x2f\x13\xcd\x67\xbc\xcc\x1a\xcc\x35\x80\xe6\xaf\xd3\x5c\x53\x8d\xe9\x4b\x76\x72\x01\x4c\x07\x4c\x07\x4c\x07\x4c\x07\x4c\x7f\xe6\x26\xf8\x95\xf1\x4a\x81\x48\x00\x91\xd0\x50\x24\xcc\xc8\x2b\x05\x22\x01\x44\xc2\xeb\x14\x09\xd5\x98\x0e\x6a\x3e\x60\x3a\x60\x3a\x60\x3a\x60\xfa\xba\x61\xfa\x92\xd4\xfc\xcd\x65\x8b\x04\x08\x38\x05\x91\xd0\x52\x24\xb4\xa3\x00\x00\x91\x00\x22\x01\x44\xc2\xfc\x22\x61\x77\x65\xbb\x04\x10\x09\x20\x12\x9a\x89\x84\x19\x59\x6c\x41\x24\x80\x48\x00\x91\x30\xbf\x48\x58\x1d\x99\x2e\xc4\x68\x81\x48\x68\x26\x12\x66\x24\xd3\x05\x91\x00\x22\x01\x44\xc2\xfc\x22\x61\x75\x4c\x65\x20\x12\x40\x24\x34\x13\x09\x33\xf2\xe2\x80\x48\x00\x91\x00\x22\x61\x5e\x91\xb0\x6b\x5e\xbc\xdf\x46\x24\x14\x3a\x01\xc7\xcb\xcf\x5f\x24\xbc\xcd\x63\x7c\xbd\x48\xd8\x4d\xd6\xda\x9c\x22\x21\xad\xb7\x89\x48\xd8\x9d\xf5\xe2\xfd\x55\x8b\x84\xbd\xee\xa0\xb9\x48\x28\x24\x6e\x2d\x12\xf2\x25\x7c\xf0\xc8\xaf\xef\xac\x4c\x2c\xf8\xcc\xd9\x74\x30\x99\x30\x6a\xdd\x7a\xe4\xd7\x3d\xf3\xf2\xf9\xa7\x4b\x89\x5c\xea\xc6\x7d\x9b\x41\x4a\xe8\x4c\xb3\xf6\x06\x84\xcc\xc2\x85\xcc\xf6\x82\x85\xcc\x8c\xd4\x10\x20\x64\x40\xc8\x2c\x4d\xc8\x3c\x1d\x35\x04\x08\x19\x10\x32\x20\x64\x96\x27\x64\xda\x5d\x8c\x32\x83\x90\x81\x23\x70\x10\x32\x2d\x85\xcc\xf3\xf6\x8a\x02\x21\x03\x42\x06\x84\x4c\x13\x21\x33\x23\x2d\x12\x08\x19\x10\x32\x4b\x13\x32\x4f\x47\x8b\x04\x42\x06\x84\x0c\x08\x99\x85\x0b\x99\x19\xd9\x9a\x66\x10\x32\x70\x4c\x0f\x42\xa6\x99\x90\x59\x13\x66\x8f\x41\x3f\x1d\xa0\xe9\x52\xa6\x98\xba\xb5\x98\x29\x14\xd1\x16\x99\x33\x05\x4c\x17\x34\xf9\xe4\xcd\xfb\xb7\x2a\x51\x63\x54\x0a\xb2\xe6\xd9\xcb\x9a\x5d\x90\x35\x20\x6b\x9e\x99\xac\x59\x93\xc0\x11\x90\x35\x20\x6b\x40\xd6\xcc\x26\x6b\xda\x04\x29\x82\xac\x01\x59\x03\xb2\xe6\xa9\x65\x4d\x63\x0f\x64\x10\x4c\x20\x98\xd6\x4c\x30\xcd\x18\x2a\x09\x82\x09\x04\xd3\xd2\x04\xd3\x9a\x84\x4a\x82\x60\x02\xc1\x04\x82\x69\x39\x82\xe9\xed\x4c\xd7\x66\x6f\x17\x0f\x84\xc1\xdb\xe0\x05\xca\xa5\x9d\xa7\x90\x4b\x6f\x9f\xf0\xd6\x6c\xf0\x36\x00\x6f\x03\x90\x31\xdd\xdd\xe5\xc9\x98\xc6\x56\xb9\x99\x64\x0c\xec\x7d\x40\xc6\xbc\x28\x19\xf3\xf4\x7b\x1f\xd8\xce\xc0\x76\x66\x8d\x44\xcd\x2c\x71\xa0\x20\x6a\x40\xd4\x2c\x51\xd4\xac\x49\x18\x28\x88\x1a\x10\x35\x20\x6a\x66\x13\x35\xb0\xab\x01\x51\x03\xa2\x66\x8d\x44\x0d\x9c\xe8\x80\x5c\x7a\xa9\x72\x69\x96\x00\x52\x90\x4b\x20\x97\x96\x28\x97\xd6\x24\x7e\x14\xe4\x12\xc8\x25\x90\x4b\x4b\x91\x4b\x7b\xdd\xc1\x60\x06\xf6\x9c\x7e\x77\xf0\xb6\xa9\x3c\xda\x6b\x23\x8e\xf6\xda\x4a\xa3\xbd\x39\x84\xd1\x5e\x73\x59\x64\xe1\x89\xb3\xbb\x2d\x84\xc4\x76\x02\xd6\x4d\x25\x52\x59\xde\xc6\x72\xa9\x26\xf3\x4c\x52\x22\x29\xaf\xdf\x86\xad\x39\x33\x4d\xda\xc8\x8a\x77\xdd\x7a\x09\x91\xcd\x11\x0b\x8a\xcd\x1c\xa2\x4e\x43\xc4\x36\x27\xfe\x85\xc4\x8b\xe3\x57\x1e\xb4\x38\x9c\x1f\xcc\x70\x38\xff\xae\xdd\xe1\xfa\xa0\x0d\xac\x0e\x5a\xc0\xaa\x9e\x43\x29\xdf\x77\x1b\x70\xed\x4b\xf1\x10\x4f\xa6\xad\x05\xc2\xea\x76\x06\xd9\xde\xcd\x74\x27\xfa\xa0\x3b\xd8\x6c\x0a\x6c\xdb\x6d\x80\x6d\xbb\x2d\xb0\x6d\xcf\x01\x6c\xdb\xb3\x01\xdb\xdb\x39\x80\xed\xed\x3c\xc0\xf6\xf6\xc9\x80\xed\xdd\x8c\x37\xda\x02\xae\x01\xae\x3d\x15\xae\xbd\x9d\x41\x61\x6b\x83\x6b\x2f\x4e\x61\x7b\x95\xb8\xf6\x16\xf4\x35\xc0\xb5\x75\xc5\xb5\xc6\x07\x77\x6d\x70\x6d\xb0\xd5\x06\xd8\x92\xd4\x8d\x91\x2d\xc9\x31\x0b\xb4\x65\x32\x03\xb6\x01\xb6\x01\xb6\xad\x04\xdb\x4a\xe8\xe0\x17\x83\x6d\xad\x2c\x7b\xba\x17\x72\xba\x0d\x24\x2c\xfe\x21\x91\xb1\xf3\x79\x8f\x7f\x27\x01\x77\x19\x25\xce\x25\x99\xf8\x1e\x56\x2b\x43\x80\xa3\x9e\x34\x09\x54\x5e\x45\xfd\xfe\x16\x79\x2f\xb0\x24\x35\xb4\xf7\x91\x7c\x6c\xab\xe3\x8d\xe4\xa9\x68\x8a\x9e\x04\xf7\x06\xf8\xa4\x45\xec\x94\x16\xb1\xdb\xed\x5b\xd8\xf3\xc7\x38\x97\x7f\xa7\x90\x3f\x49\x69\x66\x36\xa8\xc4\xb2\xf9\x77\x4b\xf2\x57\x26\x7e\x9b\x4f\xbc\x57\xda\xd6\xad\xca\xee\xee\xa5\x82\x47\x4e\xf8\x39\x46\x50\xe0\xd9\x1c\x03\x18\x67\x9f\x71\xfc\xe2\xec\x4d\x86\x2f\x4e\x3b\xf3\xe8\xe9\x02\xcc\xc1\x63\x01\x39\x3a\xb9\x28\x19\xbe\x92\xd6\xbf\xcd\xf4\x5c\x9f\x81\x95\x37\xbe\x32\x69\xc3\xb6\xef\x56\xe4\x37\x9a\x9e\x0a\x8c\x7c\xd3\x1b\x7c\xb7\x58\x42\x4c\xf9\x72\xf9\xa4\x85\x8e\x96\xb7\x3e\x3f\xc9\x8c\x22\x8c\x0e\x08\x5c\x9d\x32\xf6\x22\xb3\x96\xce\x6d\xea\xaf\xca\x6f\x54\x9e\x47\xb5\xc7\xea\x72\x45\x21\x3a\xb9\x86\xba\x6c\x51\x12\x52\x87\x09\x66\x17\xd7\xa1\x71\x07\xa5\xb5\x95\xb6\x72\x3b\x57\x87\x2c\x27\x46\xe6\xf2\x0f\xb3\x5d\xec\xae\x7a\x9c\x63\x42\x2b\x94\xb5\x57\x52\x54\x92\x67\xb3\xfa\xcb\x35\x68\x53\xc9\x6c\x53\x8f\xb7\x5a\xb7\xc9\xc8\xb3\xd9\xac\xf6\xaa\x95\x9f\x19\xf2\xf2\xca\x93\xef\x17\x6a\xa1\xf4\x99\x3c\xa4\xdf\x2f\x23\x59\xf6\x51\xe7\x8a\x3e\x3e\xba\xb7\x88\xfc\x8d\xba\xe7\x7f\x1d\x1c\x1e\x32\x7a\xeb\x8e\xd0\x55\x27\xb8\xc1\xf6\x55\xe7\xf7\xef\x2b\xfa\xe6\x0d\xe2\x21\x0e\x42\x24\x1e\xa1\x31\x09\xc8\x15\xbd\xa2\x6f\xd0\x90\xda\x5e\xe4\x10\x84\x91\x56\x25\x03\xe6\x11\x74\xcb\x02\x14\x8e\x09\x32\x74\x1e\x74\x24\x8f\x21\x2f\x48\xb8\x21\xf2\x61\xea\xa0\x1b\x97\x3a\xc8\x0d\x51\xc8\x0a\x89\xb9\xd2\xcb\xb1\x6d\xb3\x88\x86\xdd\x2b\x7a\xe7\x52\x67\x1f\x1d\xaa\x3a\xce\x99\x47\xae\x28\xf6\x5d\x2d\x7a\xf7\x65\xab\xba\x38\x0a\xc7\x2c\x70\xff\x83\x85\x1e\xdb\xbd\xdb\xe3\x5d\x97\xf5\xee\x07\x37\x24\xc4\x83\x2b\x3a\x21\x21\x76\x70\x88\xf7\xaf\x28\x42\x14\x4f\xc8\xbe\x59\xe3\x15\x0d\x22\x8f\x70\xf9\xf2\x0d\xba\x1c\x13\x74\x78\x32\x44\xbe\x17\x8d\x5c\x8a\x28\x21\x0e\x17\xcd\x1c\x91\x10\xf9\xcc\xe1\x1b\x48\xe4\xe1\x1b\xb2\x1b\xa2\x2c\xee\x63\x9b\xf0\xae\xc8\x6d\x21\xec\xbb\x1f\x03\x16\xf9\x7c\x1f\xfd\xeb\xaa\x73\xd5\xf9\xb7\x78\x8c\x50\x40\x38\x8b\x02\x5b\x57\x22\x7e\x96\x2c\x2c\xfd\x4b\x16\x6a\xfc\x99\x14\xac\x9e\xdd\x93\xe0\xc6\xcc\x3c\x22\x61\xeb\x0a\x09\x75\x7c\xe6\xd2\xd0\xa8\x46\x8f\x75\x69\x25\x6f\xd0\x37\x4e\x1c\xd1\x75\xc7\xe5\x36\xbb\x27\x41\x9c\x1c\x0d\xcf\xb8\xfc\xce\xd8\xb9\x27\x41\xe8\x72\x32\x21\xf2\x4b\xc5\xc5\xfe\xc4\xa1\x3d\x4e\xff\xf4\x5c\x1e\xd6\x94\x7a\xf9\xe0\x8f\x31\xef\xce\xd7\x39\x39\x7e\x3d\x1e\xe2\x30\xaa\xe8\xcd\x09\x21\x0e\x71\x64\xbb\x6d\x8f\xe0\xc0\xa5\x23\x24\x54\xe3\x13\x12\x0a\x35\xf7\x1b\xc5\xf7\xd8\xf5\xf0\x8d\x98\xc3\x1e\x1e\x19\xed\xf1\xcd\xee\xbc\x41\x87\x72\xea\x20\x1e\xb2\x80\x70\xc4\xd9\x84\x20\x5b\xae\x9a\x28\x90\xd3\x0f\xb9\xf4\x96\x05\x93\xf8\xdf\xb2\x69\x08\x53\xca\x42\xf9\xc8\xec\x69\xe4\x3b\x38\x24\x6a\xe2\xfd\x10\xb5\xa8\xe6\x8d\x31\x1d\x11\x39\xeb\x3e\x27\x5b\x2e\xa4\xdb\x79\xc6\x3c\xd7\x76\x2b\x26\x1c\x55\x69\x5c\x3a\xd2\x6b\xa0\x7e\xcc\x54\x6a\x5f\x97\x58\x3e\xd3\x2a\xbe\xa5\xfe\x8e\x37\x0f\xf1\x70\x88\x86\xcb\x92\x1e\xcc\xfe\xcf\xbd\x2c\x72\xeb\xc0\x98\xb4\x1a\x20\x2a\x9a\x6d\xce\x39\xa3\x13\x85\xf5\x2d\xbf\x2d\xe1\xb2\x5a\x3d\x7d\x66\x6b\x73\xcd\xdc\x33\x66\x50\x32\x7b\x26\x8c\xba\x21\x0b\x38\xba\xc7\x81\xcb\x22\x8e\x0e\xcf\x8f\xd4\xa2\x52\x73\xa9\xb4\x11\x76\xe0\x74\xfd\x80\xfd\x1f\x62\x87\x0a\xbf\xba\x2c\x18\xd5\xb6\x6c\xe4\xb1\x1b\xec\xdd\x12\xcf\xfd\xa5\xca\x35\xc6\xd1\x78\xaa\x67\xae\xf1\xf2\x66\xe4\xfb\x84\x04\x3c\x5f\xd4\xcd\xc8\x2f\x14\x94\x3c\x2b\x16\xe3\xfa\x3e\x63\x5e\xa1\x94\xd2\x99\x57\x78\xcd\x89\x89\x55\x95\x79\xb4\xf4\x31\x66\x9d\xf1\x72\xcc\x78\x98\x03\xbe\x0a\x2c\x9d\x32\x6f\xe2\xef\x16\xf1\x10\xd9\x01\xc1\x21\x91\x12\x40\xad\x60\x85\x02\xf2\x13\x32\xaa\xa4\x65\xe4\x2f\xe8\x13\x16\x86\xb0\xf6\xbb\x55\x0e\x46\xbe\xd7\xaa\x0f\xe5\x50\xd4\x0a\xe1\x18\x95\x22\x5c\xa0\x5c\xfb\x95\x63\x88\xbd\xd9\x3e\xcb\xe5\x98\x70\x82\x7c\x12\x4c\x5c\x2e\xf4\x01\x8e\x70\x40\x10\xa3\xde\x03\x0a\xc8\xdf\x51\xe0\x6a\xc8\x8f\xfc\x51\x80\x1d\x82\x6e\x03\x36\x41\xf7\x9b\xdd\x5d\x25\xc0\x6d\x4c\x55\x39\x37\x04\x05\x64\xc2\xee\x89\x83\xf0\x6d\x48\xd2\x0c\x2c\x10\x3d\xbc\x0d\x08\x1f\x23\x97\xf2\x10\x7b\x9e\x01\xe3\xf3\x7f\xde\x9a\xc5\x93\x5d\x83\x4d\x3f\xa0\x65\x59\xad\x15\xa4\x82\x8a\xf5\x97\x4b\x1d\x97\x8e\x1a\xa8\x4e\xcc\x23\xe7\xe4\x56\xbe\x8e\x87\xa2\xa6\x4a\x91\xac\x44\x9f\x2b\x2d\x9a\x47\x37\x62\x1c\x45\x9f\x2d\x9d\x49\xdb\x6c\x0f\x14\xf4\x57\xe4\x43\xa9\xd4\xd8\x47\xd2\x2e\xcb\x1f\x78\x48\x26\xa2\x98\x56\x4d\x94\x29\xd3\x4a\x54\x29\xfb\x7a\xca\x3e\x3e\x12\xea\x68\xf5\x98\x50\x27\xab\x1c\xcb\x6f\x20\x26\xa7\xcb\x91\xd2\xa8\xbf\x62\x1f\xb9\x1c\x45\x5a\xf9\x89\x3f\xb9\xd0\x9e\x39\xf1\x6e\x2d\x89\x53\x4e\xbc\xf2\xcc\x89\x96\x6a\xc0\x71\x41\xd9\xcf\x7b\x5f\xab\xe0\xaa\x8a\xea\x06\x25\xc9\xf7\x06\x5d\x32\x44\xa8\xd4\x80\xa4\x4e\xb6\x81\x38\x09\x51\x28\x3a\x11\x32\x74\x15\x6f\x1d\x42\xf1\xee\xaa\x83\xfe\x0b\x53\xe7\xbf\x64\x12\x8c\x28\xa3\xd6\x7f\x48\xc0\xd0\x3d\xf6\x22\xb5\x09\x90\x45\xa0\x80\xf8\x9e\x6b\x63\x1e\xaf\x32\x8f\xfd\xec\x22\xf4\x43\xac\x36\x9b\x4d\x26\x62\xe4\x22\x2e\x54\x31\x95\xdc\xbd\x45\x0f\x2c\x42\x63\x7c\x4f\xd0\x84\x05\x04\x85\x63\x4c\xd1\x4e\x5f\x01\x45\x17\x1d\xdc\xb0\x7b\x82\x06\x7d\xfd\x40\x6c\x21\x5c\x5d\x36\xe1\x9c\xd0\xd0\xc5\x9e\x5c\x98\xb2\x91\xd7\x5a\x55\xb8\x56\x43\x72\xd5\xa1\x8c\x92\xab\x8e\x06\xb9\xe4\x13\x08\xf8\xd2\x03\xaf\xad\x84\xa2\xbf\x11\x57\x78\xa6\x7a\x7d\x1d\xdb\x0f\xd1\x55\xe7\xc6\x0d\x1c\x51\x4a\x59\x39\x5f\x2f\xbf\xe9\xcc\x62\x8a\x58\xa2\x43\x5d\xf1\x4c\xcc\x14\xfd\x37\x25\xea\x51\x5f\x3e\x14\x0b\x3b\x1c\x5f\x4f\xc2\x48\x14\xfd\xf8\x28\x5e\xfd\xfe\x7d\xd5\x51\xc9\xf5\x1c\x93\xff\xf4\x38\x29\xc9\x31\xd8\xde\xee\xe7\x52\x67\x15\x1d\x2d\x37\x73\x08\x1e\x26\x93\x4c\xc0\x1b\xc1\xf6\x58\x21\x38\x92\xf9\xb8\x4f\x6c\x17\x7b\xaa\x20\xf9\x49\xb9\xd0\x64\xe5\x54\x50\xe5\xa0\x9f\xae\xe7\x09\xd4\xc4\x51\xc8\x84\x24\xb0\xb1\xe7\x3d\x20\x9f\xf9\x91\xd8\x72\x3a\x6a\xe8\xa8\x7b\xad\xab\xbf\x56\xd9\xf6\xd1\xff\xb5\x14\x64\x3d\xc6\xc8\x75\xd5\x11\x5f\xe7\xaa\x23\x3a\x73\xb7\xc7\x2d\x9f\x39\x96\xce\x74\xd5\xd9\x48\x53\xd9\x34\x9e\xf3\x2a\xad\xf4\x59\xce\xa4\x50\x2a\x1d\x17\xaf\xff\x15\x3f\x35\x2a\x52\x89\xc2\x07\x5f\x57\xa6\x3e\xac\x51\x82\x4a\xe0\xb1\xd1\xb5\x47\xee\x89\xa7\x52\xfd\x38\x38\x3f\x19\x9e\x7c\x2c\x24\x13\xcb\x46\x0a\xc8\xeb\xb4\xc4\xf4\x80\xa4\x90\x5c\x0c\x6e\xda\xcf\xeb\xeb\xcf\xdf\xfe\x3a\x3e\x3f\x39\xbe\x3c\xbe\xb8\x3e\x39\x3d\x3a\xbe\x3e\x39\xf8\x7a\x7c\x7d\x5d\xc8\x36\x09\x23\x91\xe3\xfa\xfa\xf0\x64\x78\xfd\xf5\xf2\xdb\xf5\x75\x2e\x81\xeb\xe3\x89\x48\x91\xe9\x65\xb6\x9f\x02\x5a\x2c\x8f\xd9\xd8\xcb\x15\x2f\x92\xf1\xe8\x86\x92\x50\x25\x8c\x38\x39\x63\xce\xa1\xeb\x04\x6a\x8d\xc4\xbf\xdf\xb9\x3a\x95\x9a\x5f\x52\x6b\xb6\xde\xbb\x3d\x5e\x5f\x8e\x39\x5c\xa5\x65\x89\x04\x1a\xc0\x3a\x7a\x75\x88\x0d\xd1\xe1\xed\x48\xad\x10\xa3\xe8\xf4\x0f\xb3\x96\xca\x6f\xef\xb3\x20\x9c\x60\xbf\x30\xde\x9c\x62\x39\x18\x61\x10\x91\xdc\x2b\x1b\xfb\xf8\xc6\xf5\xdc\xd0\x8d\xdb\x2b\x4b\xf9\x8a\x7d\xdf\xa5\x23\x1e\xe7\x32\x5b\x12\xff\x53\x8b\xff\xdf\x5a\x30\x24\xa2\x61\x82\xa9\x7b\x4b\x78\x18\x2f\x45\x6e\x18\x43\x7a\x72\xdb\x68\xc7\x87\x2b\x1b\x08\x73\xf4\x93\x78\x9e\xb4\xa0\x70\x13\xb3\xd2\xdd\x0c\x57\x46\x89\xcc\x82\x47\x4c\xd6\x27\x57\xf8\x04\x0b\x91\x2b\x13\x89\x14\x24\x50\x7b\x53\x97\x22\x6c\xee\x34\xb5\x0e\x99\x08\x9e\xc4\x7c\x93\x15\x3c\xe4\x57\x48\xa8\xd4\xb9\x9a\x5b\x5a\xaa\xc5\x10\x42\x1e\xbe\x21\x5e\xac\xe1\x08\x24\xc0\xbe\x9f\x57\x09\x7c\x62\xcb\x04\x9c\x78\xc4\x0e\x59\xa0\x53\x4f\x84\x42\xf8\xc5\xcc\x5f\x55\x02\xd2\x7a\xd2\x45\x18\xe0\x90\x8c\x1e\xf6\xb5\xfd\xab\xfb\x2d\xf3\x58\x81\x2e\x0a\xd9\x3f\xf1\xc4\xcb\xbf\x44\xff\x17\xb9\xd4\x21\x34\x44\xdb\x2a\x9d\x80\xe6\xdf\xfa\x6b\x8b\x39\xb6\x8f\xce\x99\xe7\xb9\x74\xf4\x2d\x51\xaa\x11\x0a\xcc\x47\x49\x2b\x27\xf8\x97\x61\x79\xd8\x47\x03\x43\xb3\x40\x28\xb6\xe0\xc5\xdd\x34\x47\x57\xfc\xbc\x6c\x97\xab\x3b\x2d\x7e\x86\x09\xc2\xc8\xa1\xa6\xe2\x06\xc2\x1e\xa3\x02\xd5\xc3\xb1\x9a\x5b\x81\x2b\x31\xfd\xc0\x71\x18\xe5\xa7\x42\x9f\x0e\x99\x47\xb4\xf4\x90\x72\x7c\xc3\x2c\x64\x82\x83\x3b\x35\x2b\x7d\xe6\x88\x09\x8a\x91\xad\x8b\x40\xd8\x71\x2c\x46\x37\x10\xa1\x3c\x92\x66\x17\x37\x14\xda\x3d\x37\xf3\xfb\x81\xcb\x02\x37\x7c\x40\xdc\x1e\x13\x27\x12\x23\x25\xe7\x69\x38\xc6\x21\x72\x43\x9e\xea\xce\x52\xc1\x0f\x88\xb4\x58\x3b\x66\x11\xee\xad\x28\x98\xdc\x93\x40\x96\x8e\xc8\xbd\x6b\xc7\x92\x48\xfd\x74\xd9\x24\xe8\x4a\x23\x7a\x37\x05\x20\xa1\x0d\xc7\xed\x15\x12\x68\x1f\xfd\xf9\xa7\xca\x97\x4c\x39\x39\x84\xb7\xb7\x2e\x75\xc3\x07\x63\xfc\xc4\x08\x1f\x14\x1f\x23\xb9\xfd\x70\x03\xe2\x1c\xc9\x3e\x5f\x24\xdd\x1a\x8e\x28\x4b\x1e\x1f\xff\x22\x76\x24\x86\x74\x3f\x8b\x7e\xa2\xd4\x0b\x3d\xc7\x2f\x49\x30\xe1\xfb\x79\x74\xb4\xd4\xa4\x3f\xfe\xe5\x07\x44\xed\x7c\x0a\x49\x44\xa2\x3b\xf2\xb0\x8f\xc4\xe2\xcc\x75\x96\xf1\x62\x6a\x84\x98\x2f\xbe\x30\x0b\xf6\xd1\x09\x0b\x87\xb4\x2c\x89\xd2\x06\x4a\xea\x52\xf5\xe9\xc8\x87\xf8\xb5\x90\x3d\xda\x70\xa5\xe0\x31\x5e\x6e\x27\x46\x07\x7f\x27\x40\x69\x76\x3b\xa9\xe2\xf1\x11\x05\x98\x8e\x08\xfa\xc7\xdd\x06\xfa\xc7\x3d\xda\x7f\x9f\xcd\x8e\x7e\x1b\x98\xfb\xf8\x88\xfe\x71\x87\x7e\xff\x56\xe2\x42\x24\x37\x45\xc5\xe3\xa3\xd4\xd5\xf5\xaa\x8d\x57\x99\xf8\xa5\x93\x3b\xbb\x38\xbe\xe2\x3b\x82\xb8\xd0\xee\x4c\x1b\xb5\x9c\x5f\xf1\x6c\x72\x84\x06\x25\x14\x29\xa5\xa3\xa6\xb9\x2d\x44\x6e\x6f\x89\x1d\x8a\xd1\xd4\xdf\x9f\x98\xe3\x96\x8e\xf6\xf1\x2f\x97\x67\xd7\xc3\x57\x1c\xdc\xd5\x2e\x27\xa9\x63\x07\x24\x5d\x2e\x99\x8a\xe5\x67\x2f\xae\xe1\x66\xb5\x9b\xed\x56\x13\xb4\x51\xb3\x79\x66\x73\x76\x52\x06\xfe\xba\x6f\x2e\x75\x27\xee\x7f\x08\x72\xd8\x4f\x1a\xba\x13\x82\x1c\x85\x0b\x38\x06\x49\x73\xf7\xed\x10\x8f\x88\xef\xf2\x3f\x51\x48\x3c\xcf\x94\x53\x21\x43\x0e\x43\x18\x5d\x75\x6e\x59\x60\x1b\x15\xc4\x59\x84\x4c\x1e\x87\xa1\xcf\xf7\x7b\xbd\xec\xf4\x77\x98\xcd\x7b\x36\xa3\x36\xf1\x43\xde\x13\xd3\xd3\x63\xd8\xe1\x3d\x69\xc9\xf3\x99\xd3\x7b\x13\x92\x60\xe2\x52\x39\x23\x2c\x76\x2b\x30\x21\xfd\xb4\xc6\xbb\x8f\x01\xb6\xc9\x19\x09\x5c\xe6\x5c\x08\x5d\xc5\xe1\xfb\xa8\x1f\xa7\x13\xa0\x90\xb8\x47\x14\x41\x37\x95\xee\x59\x05\xc0\x90\xeb\x37\x2e\xc5\x81\x61\xed\x12\x59\x05\x2c\x16\x15\x7b\x74\xeb\x7a\x24\xab\xcb\x9b\x5f\x54\xc9\x62\x5d\x8d\x65\x53\xd7\xfc\xa2\xee\x04\x8f\xc8\x3e\x7a\x7c\xec\x1e\x9e\x0c\x87\xe2\x0f\x73\x49\x21\x24\x76\x6a\x58\x68\x02\xff\xba\xea\xf4\x8c\x32\xba\x7c\x9c\xd8\x36\xd4\x8f\xd0\xfb\x1c\x34\xbc\x41\x62\x26\x20\x76\xab\xba\x76\x32\xcc\xb4\x57\x6c\x85\xa5\x1d\xa3\x9b\xcd\x15\x37\x58\xa8\xbd\x87\xa7\x27\x1f\xa4\x7e\x9c\xc7\x1c\x09\x45\x72\x0f\xd4\xb7\xb4\xb5\x45\x94\x2d\x6d\x45\x9d\x7c\x2b\xca\xb7\x43\x95\xfb\xa0\xea\xe6\x9c\x1c\x5f\xfe\x38\x3d\xff\x2c\x9b\x35\xfc\x58\xda\xa6\x0f\x01\x9b\x94\x20\xa4\x1d\x6f\xe0\x3f\x93\x87\xd8\x66\x92\xff\x55\x6c\xde\xf3\x3f\xb9\xbe\x8b\xdb\xab\x7c\xa7\x2f\xe4\xfe\x9d\x48\x18\x16\x25\xa3\x1b\xcc\x15\x5e\x89\xa7\x77\x7b\x5c\x29\x80\xe2\x55\x45\x8f\xcb\xf6\x29\x6d\xfa\x7c\xeb\x12\xcf\xa9\xea\xac\x7c\x79\x86\xc3\xf1\xbe\x14\xb3\x5d\xd1\x18\x31\x5b\xf2\xdd\x10\xdf\x4d\xec\x98\xf5\xe1\xe4\x3d\x0e\x5c\xa1\x2d\x55\x7f\xa3\xaf\x97\xdf\x9e\xf2\xc3\xc4\xfb\xf3\x7c\x3f\xce\x02\x72\x4f\x68\xa8\xd5\xfc\x64\xf1\x4b\x9b\x24\xf7\x08\x11\x1b\x09\x81\xeb\x42\x87\xa9\xf8\x1e\x17\x5f\x8e\x8f\xcf\x2a\x17\xc2\x2d\xf6\x38\xc9\xce\xfd\x7b\xe6\x45\x13\xf2\x55\x1e\x95\xec\xe7\xcb\x9c\x88\xc7\xea\x03\xf4\xc4\x1c\xe9\x31\x3f\xec\xd9\xd4\xed\xdd\xb8\x05\xe1\xaf\x07\x80\xba\xd6\x8d\x4b\x2d\xc7\x0d\xa6\x16\x46\x42\x5b\x16\x46\x49\xd8\x75\xaa\x8b\xa3\x24\x34\x8b\xb3\xcb\x01\xf3\x3c\xa2\xbc\x7c\x6b\x94\x2c\x5c\x43\x34\x24\xb6\x0c\x37\x03\x9d\x69\x1e\x3f\x60\xa3\x00\x4f\x78\x82\x07\xfa\xec\x4a\x80\x6b\xc0\x22\x51\x86\x2e\xd6\xcc\x2f\xba\x55\x02\xab\x25\x52\x0e\x65\x60\x55\xa8\x2b\x25\xb8\x5a\x86\x96\xdf\x38\x31\x3b\x72\x70\x36\x8c\xb7\x7b\x37\xd8\xbe\x13\x13\x24\xb1\x3c\x54\x4c\x91\xa3\x83\xcb\x83\x8b\xcb\xd3\xf3\xe3\xeb\xcb\x7f\x9e\x55\x83\xa6\xb9\xfb\x2e\x80\xa5\x34\xc6\xf1\xc8\x17\x3b\xdc\x7d\x94\x78\xd3\xc9\x03\x3f\x89\xe3\xf1\x8a\xa9\x68\xc3\x87\xe3\x2f\xc3\xff\x2d\xea\xff\x74\xf0\x79\xef\xe2\xe2\xf8\xfc\xfb\xf0\xf0\xb8\x2d\x76\x2c\x7a\x59\x16\x6d\x82\xf9\x7e\xff\xc0\x6e\x98\x78\x30\x4c\x1b\xe7\x1f\x07\xc3\xcb\xeb\x0f\xa7\xe7\xd7\xc9\x80\x57\x8e\xb5\xd4\x7c\x0b\xa3\x2c\xd0\xb9\x35\x20\x0b\x14\x7e\x1a\x10\x1e\x33\xc6\x49\x32\x13\x73\x56\xd2\x62\x43\x0f\x0f\xbe\x0c\x0f\x4f\x63\x71\x39\x3c\xf9\x78\xfd\xd7\xc1\xe1\xe7\xe3\x93\xa3\x27\x15\x99\x19\x63\x6e\xa1\x8b\xca\xf0\x21\xf7\xf0\x52\x33\x10\x9b\x7c\xf7\x56\x4d\x79\x87\xf8\x1e\x7b\x98\x88\x6d\xbf\xb4\x23\x95\x77\xfa\xcb\xb7\x8b\xcb\xe3\xf3\x29\x2b\x6f\x8f\x6f\xdc\x8c\xfc\xe2\x84\x38\x88\x42\x66\x39\x24\x24\xb6\x12\xdb\x7f\x7d\x3c\x43\xc3\x33\xa1\xf0\x8b\x3d\x5e\xc5\x38\x0f\xab\xc5\x01\x8e\x42\xa6\x8a\x2b\xd6\x75\xac\x0c\xfd\xc3\xb3\x7c\xfe\xdc\xf7\x1b\x9e\x7d\xdf\x3e\x3b\x3d\xfd\x72\x5d\x4c\x69\xd4\x74\xe0\xfd\xc4\x0f\x25\x40\x22\xa6\xb8\x90\xdc\x72\x4d\x45\x94\x12\x0f\x39\x44\xfa\x90\xc8\x93\x10\xb1\x65\xf7\x5d\x79\x32\xa2\x0e\x1e\x9c\x3a\x38\x19\x9e\x0d\x4f\x86\x67\xcf\x54\xb6\x5f\xca\x29\x22\x5d\x8d\xd1\xf0\xec\x7e\x1b\xf9\x8c\x79\xa9\x7e\x6b\x9c\x0b\xcb\x33\x00\x46\x09\x22\x72\xfb\xd4\x45\x67\xcc\x91\x2e\x35\xda\xa4\x9e\x2f\xd9\x1e\x33\x4e\xa8\xd2\x12\xa4\x05\x5e\xee\x86\xbb\xe8\x70\x8c\xe9\x48\x08\x04\xf9\x50\x1d\xbc\xa8\xb3\x4b\xf3\xf8\x48\x95\x3a\xc6\xf7\x85\x72\x29\xd3\xfb\xbc\xae\xda\x8d\xf0\x31\x8b\x3c\x07\xdd\x0a\x5d\xf8\xa7\x1b\x8e\x5d\x8a\x2c\x2b\x8e\x12\xb0\x5d\xa7\x4a\x25\xc9\x4f\x94\xc3\xe1\xd1\x79\xe5\x44\x11\x7b\x0c\x55\xa4\x48\x96\x37\xe3\x8a\x66\x1d\xb9\x5c\x39\xe1\x88\xfd\x81\xc7\x46\xb2\x8b\x9c\x49\x6b\xa1\x1d\x7a\xe2\x11\x97\xe6\xcb\xaa\x05\xa1\xdb\x73\x34\xbc\x38\xf8\xeb\xcb\xf1\xf5\x87\xe1\x97\xe3\xeb\x2f\xa7\x1f\x3f\x0e\x4f\xca\xb5\xf5\x7a\x80\xfe\x40\x3c\xf7\x57\xe2\x3b\x25\x3e\xa8\x50\x02\x92\x4f\x8d\xed\xf8\x38\xe5\xe0\xf0\xf0\xf8\xec\xb2\x56\x1e\x1e\x1d\x7f\x38\xf8\xf6\xe5\xf2\xf8\xe4\xe8\xec\x74\x78\x72\x79\x79\xfa\xe9\xf4\xe2\xf2\xe0\xf0\x72\x78\x7a\x52\xbd\xb2\x64\xb1\xd5\xc3\x34\x3c\xbb\xdf\x15\x93\x2b\xd5\x19\x6a\x9b\x30\x3c\xfb\xbe\x7b\xf1\xed\xec\xec\xf4\xfc\xb2\x8d\x16\x99\xf9\x30\x72\x44\xe2\x2f\x13\x32\xf9\xa5\xea\xea\xfc\x72\xfa\x51\x7c\x84\xb3\x83\xcb\x4f\x95\x75\xa6\x27\x73\xd3\xab\x14\x60\xc2\x1f\xb8\xc7\x46\x53\x6a\xbd\x38\xfe\x7e\x7c\x3e\xbc\xfc\xe7\xc5\x3f\x2f\x2a\x2b\xae\x44\xc6\x42\x37\x79\xe8\xb0\x28\x6c\x5a\xe5\xe1\xf9\xf1\x71\xf5\x57\xfd\x81\x03\xea\xd2\x51\xbe\xf2\x6c\x71\x9f\x8e\x0f\xbe\x5c\x7e\x3a\x3e\x11\xd3\xb8\x5c\x6a\x96\x4f\x5d\x4e\xec\x28\x70\xc3\x87\x43\x46\x43\xf2\x2b\xcc\x41\x9e\x1f\xb8\xf7\xae\x47\x46\xc4\x89\x2d\x72\xe9\xbb\xa2\x83\x42\xfc\xfc\xef\x88\xf0\xc2\x06\x02\x21\xdb\x8f\xf6\xd1\xe6\x4e\x7f\x62\xbe\xf0\xdc\x7b\x42\x09\xe7\x67\x01\xbb\x21\xb9\x2c\xe3\x30\xf4\x3f\x92\x7c\x9b\x10\xf2\xd5\xbe\x21\xce\x5a\x78\x2d\xf5\xd0\x77\xfd\x77\xef\xf2\x6f\xc4\x6a\xdc\x47\xf2\x78\x4b\xfc\x33\xd7\xd7\xac\x61\x66\xd0\xcf\xbe\x76\xa9\x1b\xba\xd8\x3b\x22\x1e\x7e\xa8\x4c\x74\x8b\x5d\x2f\x0a\xc8\xe5\x38\x20\x7c\xcc\x3c\x67\x1f\xed\x66\x87\x0c\x3b\x6e\x55\x6f\xc9\x2f\xc3\x78\x9c\x8c\x99\xb6\xa6\xe4\x9f\x5b\x48\x6c\xbb\x7a\x15\x9b\x09\x95\xc2\xba\x71\x03\xc7\x12\x75\x3e\x94\xbc\x94\x53\xb6\xec\x6d\xed\x38\x34\xde\x21\x7a\xee\x4d\x6f\xc2\x9c\xc8\x23\x85\xef\xa3\xa6\xad\xe7\xde\x58\x15\x09\x44\xa3\x4e\xa9\xf7\x50\x9c\x73\xf9\x5a\x82\x88\xf6\x7e\x85\x62\x09\xf2\xae\xc7\xec\xbb\xf2\xaa\x74\x0a\xab\x2c\x45\x5a\x97\x42\xb2\x9a\xca\xee\x71\x20\x2b\xd4\x67\xc1\xa5\x55\xdd\xe3\xc0\x0a\x22\x6a\x95\xa7\x69\x59\x99\x18\xc3\x69\x95\x89\x61\x6c\x55\x99\xfa\x82\xd9\xfd\x72\xec\x9e\x69\x6c\x99\x4b\x76\xae\x15\x5f\x4c\xac\x24\xd9\xe8\xdc\x34\xaa\x99\x07\xd6\xd4\xd1\xaa\x2f\xb4\xea\x4b\x58\x53\x07\x66\x7a\xb9\x65\x83\x6e\x4d\x99\x48\xf5\xa5\xd6\x4f\x52\x75\x06\xf8\xc1\xf5\xc8\x69\x70\x98\x71\xd3\x32\x1d\xa0\x63\xbb\xe3\xe1\xc9\xb0\xcc\xa6\x50\x6e\x68\xa9\x6f\x56\xa9\xf9\xc6\xaa\xb6\xb5\x4c\x2f\x31\x67\xc3\xb9\xa2\x6f\xd0\xa1\xf6\x7e\xf4\x3c\x65\x0a\x88\x78\xc8\x26\xe7\x5a\x72\x1c\x11\x79\x14\x26\x3d\xf1\x68\xe2\x71\x2d\xb3\x29\xab\xb6\x61\x67\x49\xbd\x95\xd1\x44\x4d\x4f\x7d\x3c\x6e\x9e\x32\x63\xdf\x4d\x0f\x9a\xab\x1c\xd7\x2a\x9a\x90\x3b\x8f\xd6\xe3\x50\xe2\x3f\xd9\x2d\xf7\xdb\x33\xce\x9b\x6d\x26\x3e\xa9\x56\x5d\xc5\x93\x91\x72\x23\xab\xc8\x28\xdd\xf5\x52\xff\x2c\x7d\xec\x1d\x9f\x6d\xcb\x46\x4b\xc5\xf2\xd0\x6c\x86\x7a\xeb\x7b\x51\x80\xbd\xd2\x66\xaa\x04\xdc\xa5\xa3\xc8\xc3\x41\x59\x92\xc4\xf9\x6c\x49\x43\xa8\x46\x30\x76\x4c\x7c\x8a\x61\xfb\xeb\xe3\xd9\x19\x21\x41\x76\xac\xb2\x9e\x92\xe9\x00\xe9\xe7\xc9\xa8\x2c\x7f\x5c\x9e\x7e\x5e\xfd\xf5\xf1\xac\x66\x56\x55\xb8\x9b\x66\x86\xac\x7c\x46\x2d\x79\xec\xb4\x9b\xf3\x53\x8c\xd8\xf0\xec\x8c\x31\x2f\x3b\x4e\x19\xaf\xeb\x74\x74\xd4\xe3\x55\x8d\x49\xc6\x79\xfd\x29\x46\xe6\x13\xe3\xe1\xb1\x6e\x40\x76\x7c\x4a\xfc\xea\xd3\x51\x32\x5f\xae\x6a\xac\x4a\x1c\xdf\x9f\x62\xc4\x74\x59\xc3\xb4\x19\xd9\x71\xab\xf4\xcf\x4f\x47\xaf\x98\x64\x55\x63\x58\x1a\x9c\xf1\x14\xa3\xf8\x51\x36\xc4\x8c\x78\x7a\xc8\x0e\x63\x4d\x18\x49\x3a\x90\xc5\x44\x0f\x4f\x32\x92\x9c\x3c\xcd\xea\xcd\x8c\xe2\x05\x09\x6b\x86\x30\x0d\xb5\xa9\x18\x3e\x4e\x56\xb6\x92\x67\x9c\x7f\x27\xb1\x63\xa1\xb3\x90\xc1\xab\x99\x7c\x53\xa6\x5d\xf9\x84\xcb\xbb\xec\x97\x07\x34\xcc\xee\x3f\x29\xfe\x27\x5d\xab\x28\x41\xdd\x43\x8f\x45\xce\x59\xc0\xee\x5d\x87\x04\x89\x75\xed\x77\xec\x80\x3a\x4b\x3c\x81\x34\xdc\x1a\xa5\xfe\xfe\x6d\xc5\xc2\xb0\x41\x6c\x41\x65\xee\xd4\x21\xdc\x6c\x43\xe1\x93\xf5\xee\xb7\xaa\x24\x76\xc1\x29\xd2\xd4\x27\x2c\xd7\x77\x7d\x6b\xa0\x3f\x91\xe9\xca\x67\xbb\x4e\xa0\x7b\x65\x9a\xa3\xf5\x5b\x91\xed\x2b\x73\xc8\x3e\xd2\x27\x1b\x49\xd9\xe1\x69\x14\x8e\x98\x4b\x47\xb1\x25\xa3\xe6\xeb\x9e\x31\xa7\xe6\x93\xda\x61\xed\xd8\x25\xad\x2d\xf1\xa1\x93\x96\xba\x10\x07\xa1\x9a\x9e\xfb\xe8\x94\x7e\x50\x66\x2a\xf1\x2e\xef\xcb\x56\xe9\xcf\x55\xe6\xc9\x55\xed\xb4\x56\x96\x3a\x77\x58\x6f\x95\x75\x30\xe3\x5f\x14\xbf\x88\x87\x3a\xe3\x5a\x74\xe3\xd2\x1e\x1f\x5f\x75\x36\xd0\x55\xc7\xb2\xd5\x7f\x93\xa2\x10\xf6\x7d\xef\x01\x59\xb7\xd5\x93\xa9\xfb\x80\x27\x5e\xe2\x91\x94\x9e\xae\xd7\x9f\x8c\x6b\x4b\xaa\x71\x1e\x2e\x5f\x94\x98\xc5\xac\xec\xdc\xca\x9e\x14\x65\x6c\x58\x8c\x85\x3d\x09\x33\x86\x65\xa6\x26\x77\x72\x48\x95\x9b\xc4\xb5\x8b\x4e\x8e\x6c\x48\x32\xbe\xa1\xda\xf3\x6f\x6a\xbe\x74\x87\x3f\x65\x30\x65\x04\x88\x1c\x04\x15\x00\x42\x10\x09\x6d\x07\x5d\x7e\xb9\x40\x9c\xd8\x81\x90\x6c\x86\x2f\x65\x86\x31\x49\x13\x1b\x34\xe2\x18\xd0\x01\x53\x17\x52\x3e\xc4\xf3\xa7\x17\xbb\x3f\xf3\x9e\x8c\xd6\x52\x0d\x9a\x46\x3c\x90\x27\x8d\x17\x53\xcc\x67\x94\xd0\x69\xec\x03\x85\x8c\x2b\x65\x22\xc8\xd7\x9e\x65\x25\x38\x91\xd1\x4e\x38\x20\x2a\xf6\x51\x19\x90\x74\x0c\xb1\xec\x79\xec\xf2\x38\x43\xf4\x72\x4d\x0c\x66\x4d\x20\x7f\x12\xa0\xf9\x46\xc0\x9c\x6a\xdb\xdf\x11\x91\x01\x97\x21\x43\xf6\x98\xd8\x77\xb2\x65\xf2\x94\x93\x50\x7b\x86\xe8\xd0\x34\x16\xbc\x22\x38\xf4\x0d\x1a\x9e\x1d\x7c\xcd\xf9\x86\x4f\x30\x75\x75\x14\x12\xfa\x39\x26\x54\x87\x8a\x89\x57\x72\x94\xb4\x4b\xf8\x82\x23\x73\xab\x02\xd0\x17\x10\x21\xea\x31\xfb\x4e\x7b\x9e\x67\x02\x9f\x5d\x1f\x4f\xe4\xcb\xdc\xb3\x31\xa6\x8e\x37\x43\x58\x6d\x75\x48\xb0\xfa\x5b\x8d\x9e\x9e\x90\x92\x17\x03\xdb\x36\xe1\xd2\x11\x57\xc7\x41\x97\xed\xc2\x16\x33\x0a\x8d\x03\x9b\x33\x1d\xac\x0d\x92\xad\x8e\x7a\x5d\xe6\xaa\x5e\x46\xc0\x6c\xb1\x9a\xf6\xc1\xb3\xc5\x32\x56\x13\x48\xab\xa1\x1f\xd8\x64\x80\x4d\x06\xd8\x64\x80\x4d\x06\xd8\x64\x80\x4d\xa6\x31\x9b\x4c\x99\x06\xb4\x04\x86\x99\xd2\xd4\x40\x3b\x03\xb4\x33\x40\x3b\x93\xf9\x80\xe5\xa3\x12\x07\xc2\xca\x01\x31\x62\xdb\x42\x26\x92\x8a\x2f\xaa\x76\x71\xd8\xf3\x98\xbd\xd8\x4e\x3e\xbf\x9d\xd3\x22\x16\x26\x9e\x64\x40\xb3\x72\x6f\xfc\x97\xe8\x21\x4a\xfb\xaf\x50\x04\x7b\x9c\x89\x79\x27\x67\xb3\x54\x50\x6e\x1e\xe4\x3a\x53\x1f\x48\x06\xbf\x20\x3c\x1a\x05\x64\x54\x2d\x74\x17\xf4\x2d\x2a\xd5\x03\x2d\x59\xd5\x64\x91\xb3\x63\xe2\x8e\x34\x0a\x64\x94\x68\x75\xc3\x9d\x3c\x61\x29\x99\x7e\x36\xa6\xda\xa1\xfa\x4d\xb2\xce\xa4\xf7\x75\xa8\x17\x9a\x74\x27\x15\x6b\x13\xd3\xac\xd7\xb4\x22\xa5\x49\xa9\x33\x64\x23\x4a\x87\x02\xfb\x3e\xaf\xed\x79\xda\xc4\x9a\xef\x05\xac\x4d\xab\x65\x6d\x9a\x66\x70\xcc\x04\x03\x24\x96\xc7\xb5\x23\x74\x52\xa4\x4a\x5c\x6c\x8f\x64\x78\xc5\x4c\xdc\x48\x40\x8a\x04\xa4\x48\x59\x52\x24\xa1\x88\xad\x19\x23\x52\x59\x37\x2d\x95\xd6\x4c\x08\x5c\x47\x8b\xe5\x3a\xaa\x81\xd8\x3b\xc7\xb1\xec\xc0\xe1\x1a\x5d\xc1\xe9\x73\x76\xa7\xcf\xe5\xbb\x7c\xa6\x1a\xf3\xd3\x78\xe8\x1d\x7c\xfd\x2b\xf5\xb3\x4e\x9d\xf4\xb2\x6a\xbc\xe9\xa7\xa7\xdf\xac\xc4\x1d\x36\xab\xda\x3e\x89\xd3\xa7\x68\x42\x4c\x43\x94\x1d\xa4\x52\xc5\xdb\xf0\xf7\x34\x5e\x3f\xac\x6a\x26\xe9\x7d\xd6\x53\x4d\xa5\x4f\xb2\xfa\xe2\x5c\xca\x6c\xff\xb2\x93\x69\xac\xb3\xac\x66\x7c\xf4\xfe\xee\xa9\xc6\xe7\xd0\x70\x4d\x30\xc7\x27\xb3\xed\xcc\x8e\x4f\xac\x96\x82\xf3\x79\xd1\xf9\x7c\x25\x63\xf2\xf4\xb2\x6d\xe1\x8e\xe7\xab\x58\x6b\xeb\xe4\x74\xbe\xfc\xf1\x78\x19\x0e\xe7\xcb\x1f\xa7\x97\xed\x6c\xbe\xfc\xf1\x7b\x0d\x8e\xe6\x2b\x1e\xc5\x17\xe3\x64\xbe\xfc\x71\x7b\x61\x0e\xe6\x2b\x1b\xb0\x36\x53\x6c\x39\x83\x55\x98\x5f\x35\x33\xab\x30\xa7\xa6\x5b\x7b\xa5\xb1\x2f\x63\xeb\xad\x63\x68\xb6\x1a\x30\x34\x03\x35\x33\x50\x33\xa3\xfa\x4e\x23\xa0\x66\x5e\x04\x35\x73\x29\x75\x30\x2a\xa7\x3e\xde\x47\x9e\x4b\xa3\x5f\x71\xaa\xe5\x10\x0c\xab\x07\xa5\xc1\x1b\x08\x08\x87\xe7\x23\x1c\x9e\x16\x4e\xa0\xe7\xd4\x34\x42\xe2\x1c\x07\x34\x30\x13\x97\x30\x13\x6b\x17\x0d\x9e\x75\x65\xc9\x1d\x8c\xcb\x13\xd0\xf4\x48\xa5\x6b\x96\x37\x0c\xf5\x31\x7c\xec\x7d\x2f\xd0\x40\x1e\x9a\xb9\x62\x96\x15\x5d\x5c\x36\xc4\xd8\x9a\x17\xc1\x60\x2f\x47\x69\xf3\x26\x6e\x4c\x7c\x26\x59\x51\x79\x1c\x71\xa3\x53\xab\xe3\x1e\x63\x62\xb5\xe2\x3d\x36\xb8\x35\x7a\x99\xe3\x23\x19\xad\xa4\xab\x98\x4a\x87\xfc\x8c\x78\x75\xd7\x94\xa8\xb1\x31\x5d\x51\xc2\xfc\xa2\xe8\x4b\xa4\x32\x98\xaf\x2f\x35\x7b\xa8\xd9\x5c\x46\x90\x92\x2f\x77\x0e\xa2\xdc\x29\xbc\xdf\x40\xf8\x0d\x84\xdf\x40\xf8\x0d\x84\xdf\x66\xef\x80\xf0\xbb\xb0\xd3\x06\xc2\xef\x6c\x6b\x16\x40\xf8\x0d\xc4\xd7\x40\x7c\x0d\xc4\xd7\x40\x7c\x0d\xc4\xd7\x40\x7c\x0d\xc4\xd7\x95\xa3\x61\xb0\x41\xc7\x4e\xb0\x75\x75\x36\xe7\x83\x9e\x5e\x16\x90\x41\xa7\xaf\x81\x0c\x5a\xa6\x00\x32\x68\x20\x83\x9e\x85\x0c\xda\x02\x32\x68\x20\x83\x5e\x00\x19\x74\xda\x8b\x0c\x41\x94\xe3\x06\xf2\xd8\xec\x41\x2a\xbf\xf9\x93\x02\x33\xca\x53\xa9\x5f\xd9\x1d\xbb\x54\x8f\x25\x6d\x4f\x2e\x42\xcf\x28\x28\x7b\xda\x90\x84\xd4\x1a\xd1\xb4\x66\x89\x71\xc0\x1f\x57\x2a\x23\xc9\x1c\x07\x48\xd8\x4f\xcd\x04\x25\x63\x5f\x6f\x1c\x6e\x38\xdf\x32\x26\xe8\x95\xf0\x01\x36\x74\x79\xc8\xb3\xbe\x24\xee\x0f\x17\x84\x24\x27\x54\x23\x37\x1c\x47\x37\x5d\x9b\x4d\x7a\x19\xf7\x8d\x5e\x91\x33\x66\x9a\x17\x82\x76\x5b\x48\xb6\x94\xed\xc8\x73\x66\xf6\x51\x28\x2b\xaa\x78\xe8\xde\xf6\x10\x3a\x39\x80\x56\xbb\xa0\xb4\x7c\x39\x1b\x65\x34\xb8\x3a\xc0\x92\x6e\x29\x1e\x91\x4a\xf3\x3d\x51\x8b\x3d\x66\xc4\x0a\x88\xef\xb9\x36\xe6\xd2\xc1\x00\x21\x9e\x7a\x3f\xa4\xe8\x71\x4e\xd2\x08\xe3\x69\x8e\x07\x53\x87\x30\x4e\x54\x3e\x8c\xa8\x89\xef\x42\x79\xb1\x8b\x3a\x8f\x87\xa3\xf1\xf2\x76\xaf\xe6\x68\xbc\xf8\x6d\x73\xc7\xe4\xa5\xf6\x5a\xab\xd9\xbc\x43\xd9\xc3\xa7\x34\x41\x43\x63\xa9\xb6\xc5\xfd\x1c\xbb\xf6\x18\x99\x5c\x7d\x21\x43\x41\x44\x2b\x76\x80\x7a\xd7\x74\x7d\x78\x7a\x72\x79\x7e\xfa\xe5\xcb\xf1\x79\xd5\x7d\x40\x45\x45\xbb\x95\x91\x35\xcf\x21\xa9\x7e\x0b\xdd\x15\x44\x3c\x50\x3b\x83\x31\xb1\xef\x2c\x93\x26\xc6\x4c\x66\x95\x85\x1d\xcc\x22\x66\xda\x60\x70\x91\xfd\x71\xb7\x19\xfb\x63\x33\xe2\xc7\x75\xa5\x7e\x04\xd6\x47\x60\x7d\x7c\x11\xdc\x25\xc0\xfa\x38\xd3\x82\x7e\x11\x84\x8f\x6b\x43\xd2\x08\xfc\x8c\x2a\x0f\xf0\x33\x02\x3f\x23\xf0\x33\x02\x3f\x63\xfc\x0e\xf8\x19\x81\x9f\x11\xf8\x19\x81\x9f\x11\xf8\x19\x81\x9f\x11\xf8\x19\x97\xcb\xcf\x08\xd4\x8c\x40\xcd\x08\xd4\x8c\x40\xcd\x58\xa0\x66\x1c\x00\x35\x23\x50\x33\x3e\x17\x6a\x46\xe0\x67\x5c\x2d\x3f\x23\x30\x34\x56\x30\x34\xae\xe8\x72\xee\x17\xc4\xd2\xb8\xba\x19\xb5\xbe\x4c\x8d\xab\x1b\xa3\xf5\x65\x6b\x5c\xd9\xb5\xf8\x6b\xc6\xd8\xb8\xb2\x71\x79\x7a\x89\xb7\x70\xd6\xc6\x55\xad\xbb\x75\x62\x6e\x5c\xcd\x98\xbc\x0c\xf6\xc6\xd5\x8c\xd5\xcb\x66\x70\x7c\x82\x4b\xee\x5f\x28\x8b\xe3\x13\x8c\xe4\x8b\x61\x72\x5c\xcd\xd8\xbd\x30\x36\xc7\x95\x0e\xda\x9a\x33\x3a\xbe\x36\x5a\x47\xec\xfb\xbc\x91\x8b\x13\x70\x39\x02\x97\x23\x70\x39\x02\x97\xe3\x3a\x04\xac\xa4\xef\x16\xc4\xea\x68\x16\xf8\x5a\xf9\x1d\xe3\x75\x7e\xe8\x61\xce\x4f\x8c\xd3\x56\x39\x46\x56\x3c\x1d\xe2\xe4\x40\x07\x89\x80\x0e\x72\x3d\xe9\x8b\x80\x0e\x12\xe8\x20\x81\x0e\x12\xe8\x20\x81\x0e\xf2\x85\xd0\x41\x4a\x3e\x38\xc7\x11\xca\xc0\x07\x8f\xfc\x42\xdf\x65\x07\xd0\x51\xe0\x8a\x2d\x87\xdc\xa8\x28\xc8\x10\x29\x7c\x12\x08\x05\x09\x7d\xa3\xee\x2f\x74\xc4\x26\xd8\xa5\xe8\x82\xd9\x77\x44\xc6\x19\x61\xcf\x63\x3f\xd1\x91\x7b\x27\x76\xe1\x19\x0c\x95\x6e\x61\x93\x49\x44\x5d\x1b\x87\x44\xed\xc7\x14\xc5\x13\x53\xb5\x10\xa4\x4c\x39\xe8\xe2\x81\xda\xe8\xe0\xac\x8c\x95\xe3\xd6\x23\xbf\xee\x99\x67\x39\xb2\x69\xe5\x80\x2a\xba\xf0\x9d\x79\xc3\xc9\x28\x0b\xa9\x95\x9f\xa5\xbc\x70\xab\x48\x67\x54\x18\xee\x6c\x33\x80\x55\x13\x58\x35\x81\x55\x33\xf7\x03\x56\x4d\x60\xd5\x04\x56\x4d\x60\xd5\x04\x56\xcd\xaa\x61\x02\x56\xcd\x46\x9f\x13\x58\x35\x93\x6c\xc0\xaa\x39\x7d\x1c\x80\x55\x73\xdd\x59\x35\xe3\xca\x54\x11\x6a\x97\xc3\x1f\xa8\x9d\xcf\x5e\xd6\x73\x31\xcf\xf0\x88\xd0\x64\xe5\x00\x45\x27\x50\x74\x02\x45\xa7\x51\xe2\xb3\xa3\xe8\x2c\x7e\x7d\xad\x77\x57\x1b\x9c\x4a\xd6\x56\x39\x4c\x54\xb4\x47\x4d\xc2\xa3\xf8\xcb\x14\x67\x22\x2a\x2e\xbe\x02\xb2\x94\xcd\xd7\xa2\x15\xad\xd8\xd2\x29\xd6\xa6\x05\x34\x39\xe2\x72\x9c\x85\xb8\x36\x4e\x44\xe5\x3f\x3d\x12\x5a\xda\x9d\xa6\xa7\xa0\xb1\x27\x93\x25\xbd\xfb\x7f\x91\xb3\x28\xda\xd4\xd6\xa4\x47\xcf\x9b\xa7\x75\x41\x4c\xad\x89\x63\xd1\xb3\xa1\x67\xad\xa4\x56\xe5\xf3\x70\xab\xb6\x77\x67\x2a\xeb\xe4\x1a\x53\xb4\x56\xb9\x27\x3d\xa5\xcb\x0e\x78\xcf\x94\xb7\xfb\x99\xd0\xbd\x56\xbb\x92\x24\xc6\x9c\x9c\x37\x09\x10\xc4\xae\x07\x41\x6c\x91\xaf\xf5\x2d\xf0\xb5\x02\x5f\x2b\xf0\xb5\xbe\x10\x2e\x23\xe0\x6b\x05\xbe\x56\xe0\x6b\x05\xbe\x56\xe0\x6b\x05\xbe\x56\xe0\x6b\x05\xbe\xd6\x97\xc5\xd7\x5a\xa9\x74\x01\x91\x6b\xbd\x9a\x08\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x9a\xcd\x06\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x10\x8a\x02\x44\xae\x40\xe4\x0a\x44\xae\xcf\x85\x2f\x71\x4d\x19\xb3\x80\xc8\x15\x88\x5c\x81\xc8\x15\x88\x5c\x81\xc8\x15\x88\x5c\x81\xc8\x15\x88\x5c\x75\x15\x40\xe4\x0a\x44\xae\x4f\xa9\x96\x02\x91\x6b\xbe\x2b\x40\xe4\x9a\xfb\x01\x91\x6b\xa3\x89\x02\x44\xae\xc5\x36\x01\x91\x2b\x10\xb9\x02\x91\xab\xfc\x01\x91\xab\x39\x4c\x40\xe4\x0a\x44\xae\xe9\x0f\x88\x5c\x81\xc8\x35\xee\x05\x10\xb9\x4e\x99\x6f\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\x40\xe4\x0a\x44\xae\xeb\xe3\x3d\x03\x44\xae\xa6\xac\x01\x22\xd7\xb9\x88\x5c\xf7\x1a\xf2\xb8\xbe\x51\xb6\x47\x49\xf9\x80\xc6\x24\x90\xd1\x76\x73\x90\xf9\x69\x3f\xe6\xe6\x8c\x7e\xed\xc8\x84\x9a\xd1\xee\xa1\x3a\x46\xa1\xc5\x32\x87\xa5\xf4\x33\x8b\x65\x4c\xad\xed\x02\xca\x92\x96\xb5\xaa\xb9\x8e\x52\x70\x21\xbc\x85\x8b\x28\x72\x36\xd2\xa8\x3c\x15\x50\xe5\x27\x4f\x1d\xf0\xe7\xe7\xdf\x9b\x65\xca\xad\x8e\x06\xf0\x05\x32\xd4\x2d\x81\x8d\xae\x2d\xf1\xdc\x34\xa2\xae\xf6\x73\xb4\x15\x27\x51\x36\x56\x04\x88\x89\x66\x20\x26\x7a\xf3\x46\x3a\x84\x67\xa4\x9e\xc9\x35\xdc\x8c\x33\xa8\xfc\x74\x70\x1a\x63\xd0\x1b\x74\xc9\xf4\xa1\xa6\xa2\x0e\xda\x40\x5c\x3a\x77\xb9\x5c\x9d\x9b\xe8\x02\x25\x81\xd0\x55\x07\xfd\x17\xa6\xce\x7f\xc9\x24\x18\x51\x46\xad\xff\x90\x80\xe9\x43\x3d\xa1\xbd\x2a\xf6\xa1\x78\x7b\x24\xcb\x97\xc1\x06\x5d\x84\x7e\x10\x14\x10\xa1\x5f\x88\xbe\x2a\x8b\x8c\xe6\x2a\x32\x7c\x70\x27\x4c\xf2\x07\x61\x8a\x76\xfa\x5a\xf9\x46\x07\x37\xec\x9e\xa0\x41\x5f\x3f\x40\x6e\xa8\xec\x46\x6f\x10\xe1\x9c\xd0\xd0\xc5\x9e\x50\xbf\xa6\x50\x1c\xcd\x4a\x04\x74\x45\x1b\xd1\xf7\x34\x62\xef\x29\x27\xef\xe9\x9b\x09\x4a\xb9\x7b\x4c\x9e\x97\x69\xcc\x3d\x05\xe2\x9e\x1f\x07\xe7\x27\xc3\x93\x8f\xf9\x54\x6d\xa8\x7b\x66\x63\xee\x49\x88\x7b\x06\x3b\xfd\x7e\xf6\x45\x39\x61\x8f\xd9\xb5\xd4\xf4\x96\x23\xb1\x41\x57\x1d\x1e\xdd\x50\x12\xaa\x74\x11\x27\x67\xcc\x39\x74\x9d\x20\x73\x90\xf6\x3b\x5b\x5f\x15\xa5\x4f\x81\xcf\x27\x5f\xd5\xdd\x1e\xbf\x16\x4b\xfc\x3a\x64\x77\x84\xc6\xbd\xbf\x38\x3e\xff\x3e\x3c\x3c\x3e\x38\x3c\x3c\xfd\x76\x72\x79\x7d\x79\xfa\xf9\xf8\x44\xf4\xbe\xba\x01\x75\x5c\x40\xba\x16\xdf\xbd\x0e\x18\xd3\xdd\x8a\xed\x2e\x99\x91\xd6\xd5\x5e\x7f\x3a\xbd\xb8\xbc\xbe\xde\x2f\x7d\x77\x76\x7a\x7e\x59\xa0\x50\x6a\xc3\x35\x94\xee\x84\x8c\x2e\x54\x4d\xc0\x52\x9e\xa1\x6a\x9a\xa1\x19\x58\x86\xe2\x7f\xa5\x1c\x43\x49\x20\x63\x83\x98\xbb\x5e\x83\x98\xbb\x94\x98\xf2\x29\x42\xef\x52\xed\xaf\xf9\x7e\x05\xa2\xf0\x20\x0a\x6f\x8d\xa3\xf0\x62\xba\x21\x63\xfc\xc4\x08\x1f\x14\x1f\xa3\x84\x43\xf6\x48\xf6\xf9\x22\xe9\xd6\x70\x44\x59\xf2\x58\x19\xb4\xc4\x72\xca\x80\x5e\xc6\x76\x78\x49\x82\x49\xd1\x07\xc2\x52\x93\xfe\xf8\x97\x1f\x10\x45\x1d\x5a\xe2\x78\xa5\x4d\x6f\xa5\x26\xc7\x62\x6a\xd3\x98\x76\xc2\xc2\x61\xc1\xdf\x19\xc5\x56\x9b\xb2\xba\x54\x7d\x3f\x5d\xea\xb0\x9f\x49\xe1\x25\xf1\x81\x6a\xb9\x99\x01\x88\xa9\x09\xab\xd4\x64\xba\x9c\xf8\xc5\x9c\x49\xaf\xa9\xc5\xb5\x07\x16\xd7\xba\x8c\xb2\x5e\xa5\x73\x59\x62\x77\x94\x5f\x62\xca\xfa\xe8\x7b\x98\xe6\xbc\x87\xd2\x42\xaf\x3a\xba\xd8\xcc\xfb\xb8\x45\x57\x1d\x63\x2c\x3b\x2d\xaa\x26\xa1\xed\xcc\x5e\x65\x3c\x0c\x49\x82\x86\x21\x97\x4d\x83\x13\xa7\xbb\xa6\xf7\xc0\x35\x7d\xc9\xae\xe9\x89\x5b\x64\xde\x03\xef\xd6\xad\x0a\xac\x49\xbc\xef\x3e\x0c\xbf\x1c\x9f\x1d\x5c\x7e\xaa\xac\x38\xe5\xab\x9d\x5e\xa5\x58\xd9\xfc\x81\x7b\x6c\x34\xa5\xd6\xc4\xe7\xef\x9f\x55\xb6\xf9\xab\x4e\xa5\x5f\x72\xa1\x9b\x3c\x74\x58\x14\x36\xad\xb2\xde\xcd\xf0\x07\x0e\xa8\x4b\x47\xc5\xca\x9f\xda\x01\x1c\x7c\x5f\x51\x3b\xdf\xd7\xef\x2b\xf4\x7d\x5d\x91\x1f\xbb\xc9\xb9\x9c\x6d\xc4\x6a\xa3\x53\xc0\xa1\x7d\x41\x0e\xed\xab\x89\xb4\x48\x6a\xb1\x5c\x6a\x0d\xcf\xe2\x0e\xcb\x25\x3c\x65\x55\x88\xd9\xd8\xde\xa3\x3a\xe5\x44\xe7\x91\xaf\x7c\x91\x93\xe3\x5b\xe9\x18\x29\x37\x6a\xb1\x89\xb5\xb6\x09\x97\xff\x3c\xfb\x74\xf0\x79\xef\x42\xdb\x5a\xda\x86\x37\x2d\x3a\xc4\xa3\x68\xf0\x2c\x83\x83\xf5\x89\xdc\x5a\x5d\x58\x11\xf8\xea\xb7\xf4\xd5\x7f\x6a\x67\xfc\x29\xdd\x49\xf2\x2e\xa4\x3f\xcf\xcc\xa9\xfe\xa5\xf8\xb9\x4f\x21\xa5\x48\xcd\xb0\xc0\x4d\x01\xdc\x14\x95\x42\xef\x55\x70\x53\xac\x1d\xb7\xc2\xf4\xc0\x93\x1e\x04\x9e\xe4\xf2\xad\x77\x00\xc8\x15\x7d\x83\x0e\xf5\xbd\x84\x9e\xa7\x70\xae\x82\x28\x94\xcb\x9b\xbb\xd4\x3d\x70\x32\x9b\x82\x7a\xc3\x6c\x96\xba\x20\xa1\x89\x9a\x26\xcb\xe5\x2a\x8d\x83\x13\x5e\xf4\xdd\x20\x25\x7e\x3c\xc0\xc0\x0f\x0c\xfc\xc0\xc0\x0f\x0c\xfc\xc0\xc0\x0f\x0c\xfc\xc0\xc0\x0f\x0c\xfc\xc0\xc0\xff\x04\x0c\xfc\xcb\x0e\xfc\x14\xff\x93\xee\x21\x94\xa0\xee\xa1\xc7\x22\xe7\x2c\x60\xf7\xae\x43\x82\xe4\x04\x35\xb9\x0d\x75\x96\x4b\x49\xe5\x49\x82\x51\xea\xef\xdf\x56\x2c\x0c\x1b\x5c\x50\x5a\x99\x3b\x75\xa9\x35\xdb\x50\xf8\x64\xbd\xfb\xad\x2a\x89\x5d\x11\x0e\xa9\x8a\xb7\x5c\xdf\xf5\xad\x81\xfe\x44\xa6\x3b\x92\xed\x3a\x81\xee\x95\x79\x3e\xa2\xdf\x8a\x6c\x5f\x99\x43\xf6\x91\x3e\xd1\x48\xca\x0e\x4f\xa3\x70\xc4\x5c\x3a\x8a\x4d\x78\x35\x5f\xf7\x8c\x39\x35\x9f\xd4\x0e\x6b\xc7\x2e\x69\x6d\x29\x4f\x78\x40\xe4\xf1\x96\x9a\x9e\xfb\xe8\x94\x7e\x50\x76\x56\xf1\x2e\xef\x8f\x53\xe9\x93\x52\xe6\x8d\x52\xed\x78\x53\x96\x3a\xe7\x7b\x61\x95\x75\x30\x63\x74\x8b\x5f\xc4\x43\x9d\xb1\xb7\xdd\xb8\xb4\xc7\xc7\x9a\xf3\xd8\x56\xff\x4d\x8a\x42\xd8\xf7\xbd\x07\x64\xdd\x56\x4f\x26\x15\xc5\x1c\x9b\xe9\x52\x03\x5d\xbd\xa3\x43\x45\x2c\x5d\x89\x35\xc6\xca\xce\xad\xac\x21\x2a\xc3\x88\xc2\x58\xd8\x93\x30\x63\x58\x48\x6a\x72\x27\xe6\xb2\xdc\x24\xae\x5d\x74\x72\x64\x43\x32\xc9\x86\x45\x4a\x73\xd9\xd4\x7c\xe9\x0e\x7f\xca\x60\xd2\x02\xd9\x03\x09\x6d\x07\x5d\x7e\xb9\x40\x9c\xd8\x81\x90\x6c\x86\x3f\x58\x12\x02\x48\xb1\x67\xdd\x0f\xba\x83\xad\x86\x21\x80\x68\x48\x6d\x2f\x72\x08\xc2\xb1\xfa\x13\x30\x8f\x24\xc7\xc9\x66\xc4\x6e\xe2\x51\xbb\x21\xdd\x79\xa9\x83\x6e\x5c\xea\x20\x57\x7a\x00\xe4\x13\xeb\x63\x32\xac\xf0\xb5\xbb\xd4\xb0\x42\x33\xa2\x30\x35\xc2\x2a\xef\xe2\xec\x2d\xe6\x3e\x73\xf8\x86\x72\x79\x53\x54\x16\x69\x4c\x61\xe9\x9d\xe3\x0d\xc3\xf8\x72\x51\x6b\x2d\x82\x15\xe7\x89\xb5\x9b\x16\xd0\x97\x1a\xbc\x1c\x97\xdb\x92\x0f\x55\x27\x97\xa7\xf0\xe2\x13\x63\xe7\x9e\x04\xa1\xcb\xc9\x84\xd0\xd4\x5d\xaa\x32\xa0\xac\xa2\x54\x79\xdc\xcb\xbb\xf3\x75\x4e\x8e\x5f\x4d\xb4\xe5\x1b\x74\x92\x58\xb5\x90\xed\x11\x2c\x9d\x72\x4f\x98\x43\x34\x44\x1b\x1e\xc9\xe8\xd6\xc3\x23\xa3\x3d\xbe\xd9\x9d\xc4\x20\x26\xdd\x24\x38\xe2\x6c\x42\x72\xb1\x29\xc6\x0e\x40\x2c\x3e\x39\xa1\x0d\x47\x64\xa3\xe4\x34\xa2\xeb\x0d\xfa\x21\x6a\x51\xcd\x1b\x63\x3a\x52\xd7\x0b\x18\x0e\x62\xa6\x62\xe3\x56\x4c\xb8\xd5\x05\x07\xa6\x06\x63\x3d\x1c\xa2\xe1\xda\x46\x68\xf4\x7f\xee\x65\x91\x5b\x07\xc6\xa4\xd5\xd8\x50\xd1\xec\x8a\x68\xca\xc2\xfa\x96\xdf\x96\x70\x33\x58\x77\xb6\x36\xd7\x46\xfa\xfa\x69\xfd\x7a\xb8\x26\x8c\xba\x21\x0b\xb8\x64\xb1\x66\x11\x47\x87\xe7\x47\x6a\x51\xe9\x0b\xed\xcb\x1a\x01\x11\x98\xcb\x88\xc0\x6c\x12\x85\x9b\x7e\xb7\x88\xc7\xc4\xd3\x52\x02\xa8\x15\xac\x50\x40\x7e\xc2\xd4\x81\x69\x41\x9f\xb0\x30\x84\xb5\xdf\xad\x72\x30\xa6\xc5\x9d\x9a\x50\xd4\x0a\xe1\xf4\x49\x5d\x72\x60\xb4\x82\x60\xed\xec\x72\xe6\x92\x8e\x69\xe2\xaa\x88\x00\x19\x2a\x21\x79\x61\x02\xf2\x77\x14\xb8\x1a\xf2\x33\xf7\x94\xdc\x6f\x76\x77\x13\x2e\x2a\x55\x4e\x4a\x48\xa5\x9d\xc3\x8c\x0b\x60\x18\x2d\xb9\x8f\xa4\x1c\x26\xda\x7f\xde\x9a\xc5\x93\x5d\x83\x4d\x3f\x20\x84\x03\xaf\x24\x1c\x58\x13\x36\x7d\xf0\xb0\xf4\xdb\xcc\x74\xe7\x0d\x3a\x8b\xa4\xbf\x9a\xa2\x43\x2b\x92\x32\xd9\x2c\x20\x8c\xf7\x6e\x55\xe6\xde\x8d\xc7\x6e\x7a\x2a\x50\xad\x77\xc4\xec\x48\xa8\x53\xb2\x49\x8a\xaf\x49\x27\xb3\x64\x93\x1f\x84\x72\xbf\x14\x6d\x58\x57\x53\x45\xb0\x91\xce\xb4\xd4\xc1\x7a\x26\x7a\x8a\x59\x0a\xad\xc1\x89\x06\xbc\x09\xad\x6a\x69\x22\xc8\xf5\xc7\x17\xab\x44\x82\xdf\x6d\x71\x16\xa4\xbb\x1a\x8a\xbd\xdc\xc4\x2d\xdb\xcf\x24\x2b\x6e\x11\xdb\x1a\xb1\x8d\x4b\x3f\xe7\x42\x97\x68\x52\x6c\xab\xe5\x49\x71\xad\xcd\x24\x3f\x9e\xb1\x7b\x51\xe3\xe1\x5c\x2e\xde\x89\xe1\x4c\xf6\x8a\x4b\x00\xbc\x05\x0f\xe6\x32\x48\x0f\x94\x27\x80\x18\x7b\x3d\xce\xe8\x7e\xab\x3b\xe8\x0e\xc4\xf3\x18\xe0\x1c\x66\xf3\xa2\xf4\xeb\x89\x84\xbd\x80\x78\x04\x73\xc2\xdf\xa4\xd9\xf2\xe1\xc0\xd2\x90\xa0\xdc\xcb\x6e\x99\xe7\xb1\x9f\x62\x87\x66\xb3\x89\xcf\x28\xa1\x61\x6c\xf9\x15\x43\xf4\x06\x21\xd3\x4f\x65\x3f\x2d\x33\x79\x6e\x53\x37\xfb\x38\x83\xb8\xfb\xf7\xfd\xee\x3b\xf1\x2a\x99\x7a\xb2\x31\x89\x65\x15\xb9\x5c\xb9\xe0\xcb\x0b\x42\x94\x74\x96\x1c\x73\xc4\xbb\x95\xac\x88\xc4\xd1\xa3\x61\xaa\x04\xdd\xd9\x2c\xb4\x7a\x7e\x25\x66\xa5\xa9\x46\x59\xb5\x89\x71\x69\x48\x82\x5b\x1c\x07\x0b\x48\xd7\x1d\xd1\xa2\x98\xca\x13\x5d\x45\xfd\xfe\x96\x6d\xc9\xff\x28\xff\x2a\xe3\xb2\x93\x78\x6f\xf6\x06\x0d\x6f\x91\x47\x6e\x43\x74\xe3\x61\x7a\xb7\x21\x86\x5f\x29\x74\x69\xf9\x2e\x8f\x9d\xeb\x53\x66\x4e\x31\xee\x7f\x72\x55\x42\xec\xcf\x2f\xc3\xa9\x64\xa9\xb2\x25\xd7\xee\xad\xec\x84\xf2\x66\x17\x4f\x86\x71\x91\xca\xa1\x5d\xef\x7b\xc7\x24\x1c\x93\x40\x28\x5a\x94\x49\x63\xd0\x04\xf3\xbf\x23\x22\xb5\xaf\x30\xc0\xb7\xb7\xae\x2d\xed\x05\x84\x87\x3a\xac\x8c\xcb\x94\xca\x17\x5d\x15\x12\x47\x0d\xea\x4d\x82\x6c\x44\x5a\x8c\xe9\x10\x9c\xdd\x05\xb6\x23\x97\x40\x32\x1f\xf7\x89\xed\x62\x6d\x62\x53\xa1\xa1\xca\xc6\xa6\xdc\x25\x6f\xdd\x51\x1c\xa2\x80\x70\x14\x32\xa1\x26\xdb\xd8\xf3\x1e\x90\xcf\xfc\xc8\xc3\x71\x78\x6e\x13\x9a\x8a\x66\x3c\x15\xd3\x89\x2a\xaa\x98\x2a\xb2\xd4\x06\x15\x5c\x15\x8f\x8f\x16\x72\x6f\x51\xf7\xeb\xe5\x37\x1d\x45\x2a\xff\xa6\x44\x3d\xea\xa3\xac\x27\x66\xc2\x23\xf1\xf8\x28\xde\xff\xfe\xad\x8b\xd0\x40\x62\xfc\xd3\xcc\xd3\x84\x05\xa3\x25\x0d\xc6\x8c\x3c\x18\x95\x7c\x17\x0d\x09\x2f\x9a\x31\x5e\x64\x19\x27\x6a\x38\x2f\xca\x68\x2f\xea\xca\xa9\xa3\xae\x68\x47\x2d\x61\x70\x4b\x64\x6a\xa9\x9c\x33\xa5\xf4\x12\x35\xfc\x12\xb3\x10\x4c\xa4\x8d\x32\x29\x26\xc4\x4a\x8c\x35\xf1\xd2\x25\xdd\x55\xb6\x70\xe2\x08\x58\x63\x19\x9d\x2d\xcb\x28\x4c\x49\x28\xa1\xb8\xfb\x7f\xb8\x80\xec\xff\x5b\x58\x8f\x27\xf1\xea\x2b\x0f\xd3\x31\x56\xdc\x5f\xfa\x3a\x98\xec\x67\xb8\xea\x5c\x26\x03\x26\x2f\x86\x92\xad\xd0\x69\xbb\xe2\x9d\xf9\x19\x7e\x27\x9d\x7c\x95\x2c\x1a\x53\x34\x9d\x6a\xfe\x0c\x99\x71\x46\xe6\x0c\x5d\xe9\x6b\xe1\xcc\xa0\x29\x63\x27\xb0\x65\x00\x5b\x06\xb0\x65\xcc\xc1\x96\x21\xf4\x6f\xe0\xc9\x28\xc9\x58\x4e\x1d\x61\x40\xcf\x2b\xba\x94\xbb\xf9\x2d\xdb\x10\x72\x95\xcd\x35\x43\xc8\x15\xc5\xde\xcb\x89\xb8\xca\xda\x09\xf2\xbf\xd7\x13\x70\x05\x97\xe8\x56\x15\x97\x8b\x13\x02\x8a\x9d\xa7\xa7\xd8\x81\xdb\x5f\xab\x17\xf1\x11\xa3\x7f\x86\x31\x9f\xed\x5f\x1f\xcf\x16\x72\xe9\x6b\x35\xf5\xd0\x0a\x89\x78\x94\x72\x53\x68\x81\xd2\x09\x36\xc4\xc6\x99\x2b\xc5\x60\x03\xe1\x50\xdf\x53\xa0\xd8\x89\x02\x22\x76\x66\x9e\x2b\xf6\x31\x9e\x87\x5c\x5f\xdd\x57\x85\x78\x58\xb8\x53\x27\x4f\xb9\x71\x79\xf0\xd7\x97\xe3\x8b\xf3\xe3\x0f\xe7\xc7\x17\x9f\x86\x27\x97\xc7\xe7\xdf\x0f\xbe\x54\x36\x73\xb7\x84\x0c\xe6\x84\x19\x1c\x0e\x3a\x10\xb0\x3d\x95\x03\xd0\xbe\xcc\x48\xfb\x32\x78\xb7\xd9\x1d\xec\xee\x75\xfb\xdd\x7e\x6f\xb0\x0b\x4c\x4e\x6b\x73\x8b\x29\xf0\xa8\x2d\x9d\x47\x0d\x58\x60\x5e\xd6\x8d\xad\x8b\x26\x89\x99\xa7\xbb\xcf\x8c\x43\x06\x2e\x66\x5d\x04\x61\x4d\x20\x76\x39\xf1\x29\x4f\x7a\x72\xad\x4e\x10\xe4\x09\x9d\x35\x19\x05\xa8\x70\x6b\xff\x1b\xe5\xdb\xae\x6f\xbf\x14\x02\x56\x26\xe6\x25\x9b\x15\xd3\x3d\xab\xc2\x74\x22\xf4\x40\x7d\xc8\x33\x9c\x8c\xaa\x2c\x28\xe8\xaa\x23\xf7\x8b\x37\x2e\x8d\x7d\x14\x1c\x1d\x4f\x63\xb9\xbe\x35\xc1\xfc\xef\xf8\xcf\x5c\xfb\xaf\x3a\xe8\xdf\x8b\x01\xb8\xe2\x0e\x2a\xee\xe6\xd9\xe9\xd1\xd2\x36\xf9\xf1\x59\x45\xb7\xc8\x88\x96\xaf\xfe\xe2\xec\xe0\x70\xf9\x6d\x90\x07\x4d\x15\xa2\xe7\xcb\xc1\xc9\xc9\xf1\x97\xa3\xeb\xe1\x87\x96\x2d\x59\xb4\x95\x27\xf5\xaf\x98\xd6\xd2\xb3\xeb\xaf\x07\x17\xff\xeb\x09\xdb\x9a\xba\x61\x34\x42\xdc\x36\x48\x38\x0d\x07\x6b\x80\xc9\xca\xba\xb3\x59\xf6\x6d\xae\x07\x66\x2b\x48\x68\x67\x3c\x31\x7b\x71\x52\x20\xd2\x59\xbb\x1b\x9c\x6f\x1e\xe2\x6f\x5e\xf2\x55\x2a\x66\x43\x31\xcc\x4f\xfd\xea\x56\xc1\xba\xf3\x05\xcd\x1b\xfc\x3c\xe5\xe8\xde\x70\x68\x58\x22\x2f\x11\x50\x12\xcd\x43\x49\x04\xd4\x3b\x40\xbd\x03\xd4\x3b\x40\xbd\x03\xd4\x3b\x40\xbd\x03\xd4\x3b\x40\xbd\xb3\x32\xea\x9d\x02\x1d\xc5\x0e\xd0\x51\x00\x1d\x05\xd0\x51\x20\xa0\xa3\x00\x3a\x0a\xa0\xa3\x58\x20\x1d\x85\xeb\xe3\xc9\x8d\xc7\xec\xbb\xe5\x52\x54\x94\xa6\x06\xde\x0a\xe0\xad\x00\xde\x0a\xe0\xad\x00\xde\x0a\xe0\xad\x00\xde\x0a\xe0\xad\x00\xde\x0a\xe0\xad\x00\xde\x0a\xe0\xad\x00\xde\x0a\xe0\xad\x00\xde\x8a\x42\x59\xc0\x5b\x01\xbc\x15\xc0\x5b\x01\xbc\x15\xc0\x5b\x01\xbc\x15\xc0\x5b\x01\xbc\x15\x2b\xe1\xad\x98\x76\xe2\xac\x52\x4d\x65\xb7\xc8\x7d\x12\x20\xbb\x00\xb2\x0b\x20\xbb\x00\xb2\x0b\x20\xbb\x00\xb2\x8b\x97\x45\x76\x71\x98\x18\x1d\xe5\x58\x20\x3c\x1a\x05\x64\xa4\x55\xeb\x78\xe9\x09\xf1\x2f\xf6\x9d\x15\xcd\xf8\x76\x71\x7c\x7d\x76\x7a\x54\x1f\x29\x5f\x1e\x94\x0e\x5c\x1b\xc0\xb5\x91\xb4\x00\xb8\x36\x80\x6b\x03\xb8\x36\xb2\x6d\x02\xae\x0d\xe0\xda\x00\xae\x0d\xe0\xda\xc8\xf6\x16\xb8\x36\x80\x6b\x03\xb8\x36\x80\x6b\x03\xb8\x36\xb2\x3f\xe0\xda\xc8\xb7\x02\xb8\x36\x80\x6b\x43\xff\x80\x6b\x03\xb8\x36\xb2\x5c\x1b\xda\x25\xf1\x42\x16\x16\x1b\x37\x7b\xf1\x19\x3f\xef\xdd\x39\x8e\x65\x07\x0e\xd7\x37\x94\x03\x35\x07\x50\x73\x00\x35\x07\x50\x73\x00\x35\x07\x50\x73\x00\x35\x07\x50\x73\x00\x35\xc7\xd5\xf3\xa7\xe6\x58\xe9\xa0\xb5\x99\x6a\xcb\x19\xb0\xc2\x3c\xab\x99\x61\xe6\xdc\x2a\x30\x98\xec\x2a\x06\x93\x69\x2a\xb2\x76\x08\xd0\x41\xf7\x4a\x4f\x5e\xbb\x20\x9f\x07\x7f\x8c\x45\x23\x1d\x75\x6a\xa2\x0e\x35\x43\xf1\xf4\x5a\x7b\xca\x5d\xab\xc2\xcd\xe3\x96\x97\x12\x1c\x04\xa1\x41\x4b\x0c\x0d\x1a\x40\x68\xd0\x62\x43\x83\x1a\x07\x07\xad\x22\x3c\xa8\xa4\xca\xbb\x3d\x7e\x8d\xa3\x70\x7c\x1d\xb2\x3b\x42\xe3\x3e\x5f\x1c\x9f\x7f\x1f\x1e\x1e\x1f\x1c\x1e\x9e\x7e\x3b\xb9\xbc\xbe\x3c\xfd\x7c\x7c\x22\xfa\x5c\xd7\x90\xda\xf8\x22\x88\x2e\x5a\xd3\xe8\x22\x30\x3a\x81\xd1\x09\x8c\x4e\x60\x74\x02\xa3\x13\x18\x9d\xc0\xe8\x04\x46\x27\x30\x3a\x81\xd1\xe9\xd5\x1a\x9d\xa6\x05\x2b\x4e\x53\x95\x15\x4f\x97\x54\x93\xd7\x84\x4b\xb7\x01\xcf\x1b\x70\xe9\x16\x2b\x01\x2e\xdd\xe4\x4b\x01\x97\x6e\xe1\x5b\x02\x97\x6e\xae\xcd\xc0\xa5\x0b\x5c\xba\xc0\xa5\x0b\x5c\xba\x6b\xc6\xa5\xbb\x86\x24\xaf\xb3\xf0\xbb\xb6\x10\x3b\x8b\x50\xb5\xe6\x63\x74\x9d\x5b\xd9\x79\x56\x54\xae\x53\x3e\xd7\x1a\xf0\xb7\x2e\x9a\x58\xb9\xf9\xc8\xad\x3f\x75\xf5\x53\xd0\xb9\x36\xf4\x9f\x90\x82\x28\xe3\x3d\x51\x45\x3c\x27\x56\x46\x3d\xe5\xdc\x13\x71\xcd\x61\xdf\xe7\xd5\x3b\x5c\x20\x98\x8b\xdb\x07\x04\x73\x40\x30\x67\x64\x05\x82\xb9\x67\x43\x30\x77\xa9\x9e\x13\xe5\x46\xa4\x08\x1e\x10\x67\xf1\x4c\x4f\x58\x26\xe2\xb9\x25\xed\x33\x38\x54\xc1\x29\xee\x84\x54\xb0\xb7\xbd\x02\xd6\xb9\xa4\x5e\xe5\xee\x63\x09\x89\x9f\x5f\x71\x8c\x86\x01\xf3\x7c\x0f\xe7\xf9\x0a\xd2\x42\xaf\x3a\xba\xd8\xcc\xfb\xb8\x45\x57\x1d\x63\x2c\x3b\x2d\xaa\x26\xa1\xed\xcc\x5e\x65\x3c\x0c\xc6\xc4\x02\x8a\xbd\xb9\x28\xf6\x62\xfc\x3f\xf4\x30\xe7\x27\x86\xf6\x24\xd5\x20\x2b\x9e\xed\x71\xf2\x59\x19\xf9\x80\x8a\x0f\xa8\xf8\x80\x8a\x0f\xa8\xf8\x4a\x8b\x2b\xc4\xc0\xbe\x41\x07\x8e\x23\x84\xed\x07\x8f\xfc\x42\xdf\x65\x07\xd0\x51\xe0\x0a\x15\x53\x2a\xa6\x6a\xa1\x89\x14\x3e\x09\x04\xf0\xa1\x6f\xd4\xfd\x85\x8e\xd8\x04\xbb\x14\x5d\x30\xfb\x8e\xc8\xe3\x43\xec\x79\xec\x27\x3a\x72\xef\xc4\xee\x2a\x83\x3c\xd2\xfd\x3d\x76\xfd\x26\x4a\xff\x56\x2c\x49\x4c\xd5\x42\x90\x3a\x7a\x46\x17\x0f\xd4\x46\x07\x67\x65\x21\xc1\xb7\x1e\xf9\x75\xcf\x3c\xcb\x91\x4d\x2b\x87\x21\xd1\x85\xef\xac\x48\x29\x51\x13\x57\x5f\x56\xb8\x55\x24\x4a\x29\x0c\x77\xb6\x19\xf5\x8c\x86\x99\xad\x2b\x70\x19\x66\x5b\x03\x5c\x86\xed\x6a\x03\x2e\x43\xe0\x32\x7c\x76\x5c\x86\x4b\xe0\xf5\x03\x72\x3e\x20\xe7\x03\x72\x3e\x20\xe7\x33\xb3\x01\x39\x5f\xf2\x03\x72\xbe\xf5\x27\xe7\x43\x06\x46\x28\x85\x9e\x3f\x50\x3b\x9f\xbd\xac\xe7\x42\xdd\xc2\x23\x42\xc3\x1a\xa3\x10\x30\xfd\x01\xd3\x1f\x30\xfd\x01\xd3\xdf\x93\x31\xfd\x51\x5c\xc6\x26\x07\x1c\x7f\xc0\xf1\xf7\x8c\x39\xfe\x8a\xbd\xd0\xfe\xa3\xd5\xc6\xcf\x92\x29\x59\x2e\xcd\x2b\x1a\xa2\xbe\xdd\x91\x1b\xc8\x93\xde\x87\xe2\x07\x44\xc5\x39\x5b\xaa\x00\xe4\xc7\xbd\x68\xd1\x2d\xfb\xf0\xb5\x96\xcf\x05\x34\x39\xe2\x72\x39\x90\x5f\xc4\x36\x4e\xdd\xe4\x3f\x3d\x12\x5a\xda\x65\xa7\xa7\xb0\xa4\x27\x93\x25\xbd\xfb\x7f\x91\xc3\x4b\x63\x8a\x16\xcb\xbb\x58\x20\x81\x79\x0b\x24\x30\x40\x02\x03\x24\x30\x40\x02\x03\x24\x30\x65\x35\x03\x09\x8c\xf9\x0a\x48\x60\x80\x04\x06\x48\x60\x80\x04\x06\x48\x60\x80\x04\x06\x48\x60\x80\x04\x06\x48\x60\x80\x04\x06\x48\x60\x80\x04\x06\x48\x60\x80\x04\x06\x48\x60\x80\x04\x06\x48\x60\x4a\x3a\x01\x24\x30\xe9\x3b\x20\x81\x99\x42\x02\x23\xfb\x26\xda\xaa\x63\x53\x2b\xd7\x08\xb0\xc3\x00\x3b\x0c\xb0\xc3\x00\x3b\x0c\xb0\xc3\x00\x3b\x0c\xb0\xc3\x3c\xbb\xb1\x05\x76\x18\x60\x87\x01\x76\x18\x60\x87\x01\x76\x18\x60\x87\x01\x76\x18\x60\x87\x01\x76\x18\x60\x87\x01\x76\x18\x60\x87\x01\x76\x18\x60\x87\x01\x76\x18\x60\x87\x29\x0e\x3d\xb0\xc3\xb4\xab\x0d\xd8\x61\x80\x1d\x06\xd8\x61\x80\x1d\x06\xd8\x61\xca\x2a\x06\x76\x98\x8c\x75\x0e\xd8\x61\x80\x1d\x06\xd8\x61\x80\x1d\x06\xd8\x61\xd4\x0f\xd8\x61\xa6\xb6\x01\xd8\x61\x80\x1d\x06\xd8\x61\x80\x1d\x46\xfe\x80\x1d\x06\xd8\x61\x5e\x21\x3b\xcc\x9e\x22\x87\x99\x76\xe0\x99\xf8\xde\x9e\x33\x09\x4c\x73\xf8\x53\xea\x28\xa9\x4a\x8f\xb2\x99\x7d\x2a\x1b\x46\xb7\xa0\x85\xf9\x45\x4e\x75\xd0\x4f\x7d\x97\x17\xeb\x1c\x5a\xdb\x05\x94\x8d\x0d\x68\x55\x73\x5d\xe4\xce\x42\xc2\x83\x96\xec\xed\x5a\x33\x3e\x91\xe1\xb5\x55\xfb\xc9\x97\x10\xed\x32\xcb\xcc\x7b\x01\x51\x19\x53\x22\x30\x2a\x5f\xcc\x12\x51\x51\x11\xce\x31\xcd\x39\xbd\xfd\x84\x49\x30\x3a\x75\x65\x0f\x14\x26\x3e\x67\x27\xf6\x6a\xd0\x9d\xe2\xc9\x9e\xf6\x3f\xb5\x38\xce\xed\xd0\xde\xb4\xd0\xf9\xfc\xda\x5b\xd5\xd2\xd8\xbd\xfd\xc9\x1d\xdc\xeb\xe4\xa7\x10\xea\xeb\xe4\xeb\x5e\x36\xa6\x0a\xed\x5a\x0c\x69\xcb\x81\x6b\xe9\xe4\x2e\xf5\xfe\x58\x31\x59\x82\x97\xfb\x1a\x38\xb8\x2b\xf5\x4f\x8c\xbd\x1e\x67\x74\xbf\xd5\x1d\x74\x07\xe2\x79\x0c\x73\x0e\xb3\x79\x51\x5e\xf5\x44\xc2\x5e\x40\x3c\x82\x39\xe1\x6f\xd2\x6c\x79\xff\x77\x19\xee\xad\x4e\xd3\x6f\x99\xe7\xb1\x9f\x2e\x1d\x21\x9b\x4d\x7c\x46\x09\x0d\xe3\xf0\x75\x31\x44\x6f\xc4\x5e\x4d\xb9\xd8\x8b\x76\xee\xa7\x65\x26\xcf\x6d\xea\x66\x1f\x67\x70\x77\xff\xbe\xdf\x7d\x27\x5e\x25\x9e\xfb\x39\x8e\x43\x1b\x53\x74\x43\x9e\x37\xcf\xe1\x8b\xe0\x2b\xbc\x5a\x37\xc6\xc2\xab\x55\x10\x0d\xf6\x17\x44\x34\x68\x26\x58\x07\x3e\xc0\x86\x6c\x80\x0b\xe6\x02\x9c\xc6\x04\xb8\x4a\x1e\x40\x51\x91\xef\x5e\x07\x8c\xe9\xde\xc5\xe0\x9a\x19\x5a\x5d\xf3\xf5\xa7\xd3\x8b\xcb\xeb\xeb\xfd\xd2\x77\x67\xa7\xe7\x97\x85\x91\x07\xae\xc1\x35\xe1\x1a\xdc\x30\x33\x7c\x3f\x19\x6a\xfa\xcf\x5c\xea\xef\x27\xc3\xdf\xbf\x33\x49\xcf\x58\x10\x96\xa7\x15\x6f\xd2\x03\xa9\x02\x87\xe1\xd4\x88\xb4\x44\xdc\x4e\x89\x4b\xd3\xaa\xdb\x13\x85\xa7\xa5\x9c\x3c\xd3\xd5\xe4\x3a\x41\x0b\x91\x6a\xab\x88\x54\x83\xe8\x2d\x88\xde\xaa\x88\xde\x9a\x1a\x58\x03\xe1\x5d\x10\xde\x35\x47\x78\xd7\x2b\x0a\xc4\xaa\x77\xd7\x2f\x91\xeb\xe0\xb4\x9f\x6d\xcd\x02\x9c\xf6\xc1\xff\x74\xe9\xfe\xa7\xaf\xd0\xfd\x3e\xf9\xc4\xae\x47\x92\xd1\xe6\x4c\xaa\xb2\x76\xe8\x89\x47\x5c\x6a\xd5\x55\x7e\xd5\x8b\x73\x37\x7f\xee\x91\x00\xa9\xcb\xf9\xf7\x5d\xc4\x23\x5f\xec\x32\x45\x63\xa5\x8b\xfc\xb2\xbc\xce\x57\x1b\x2b\xb3\xdc\x60\x87\x27\x0b\xaa\x79\xbe\x81\x0c\xe0\xf1\xde\xd2\xe3\xfd\xa5\xb9\xb4\xaf\x93\xcf\xfa\x4b\x71\x23\x9f\x42\x07\x90\x9a\x9f\xd6\x9f\x15\x60\x86\xf8\x7e\x79\xea\x06\x01\xfe\xc5\x46\x3f\x79\x90\xfe\x5a\x06\xcb\x43\x90\x05\x04\x59\xcc\xdf\x06\x08\xb2\x78\xe2\x20\x0b\x55\x76\x10\xe5\xb0\x24\x17\x7b\x51\x96\x67\xbe\x88\x09\xd4\x20\x0e\xa0\xd0\x8c\x1a\xbf\xff\x0a\xa5\xa0\x3e\x30\x23\x31\x70\x41\x78\x06\x2b\x8c\xd0\xcb\x88\x5b\xa8\x0d\xf6\xc8\xcd\xec\xa9\x71\x27\xc5\x12\x16\x18\x2e\xb2\xea\xa8\x18\xe9\xb7\xa5\x29\xc1\x3d\x4f\xa9\xc8\x15\xb7\x92\xc4\x26\x03\x21\xab\x0d\x6f\x7f\x65\xc6\xb5\x24\x6d\xf5\x44\xad\xa2\xe5\x5e\x87\x12\x0f\xfa\x8b\xbe\xcc\x0e\xae\xb3\x83\xeb\xec\xd6\xef\x3a\x3b\xb8\xa2\x0d\xae\x68\xcb\x0d\xe4\x13\x5e\xd1\x06\xd7\x8c\xc1\xbd\x76\x2b\xbd\xd7\xee\x05\xdf\xe6\xb9\x9c\x08\x53\x16\x10\x87\x72\xeb\x7e\xd0\x1d\xec\xaa\x20\x53\x59\xb5\xbe\xef\xbc\x26\xd6\x74\xf6\xa6\xa9\x2a\xeb\x1a\x37\xef\x85\x08\xb9\x7a\xb3\x7e\x82\x19\xf7\x8e\x1b\xc6\x42\x1e\x06\xca\x97\x55\xd5\x63\xe9\x23\x2b\x7e\x95\x8f\xb8\x48\x5a\x1e\x07\x61\xe5\xe3\x98\xd2\x18\xa6\xec\xb9\x4f\x2e\xc0\x32\x1b\xc1\x99\x46\x65\xe5\x83\x63\xd3\x00\xa7\x34\x92\x2a\x89\xa2\x6a\x5e\x77\x12\x9f\x65\x96\x27\xe3\xbd\x96\x73\xf1\x44\xd1\x91\xb0\xac\xd8\xcc\x67\xc0\x51\xc8\x94\xcb\x65\xf6\x00\x6e\xf1\x5f\x6e\xa1\xb1\x41\xf9\xd2\xdb\xc4\x08\x4d\x5f\x05\x62\x0d\xc6\xae\x77\x85\x2f\x65\x7c\x8f\x34\x8c\x65\xb6\xd5\x96\xe4\x38\x64\x01\xb9\x75\x3d\x92\xf8\x54\x77\xf7\x77\xb6\x4c\xc7\x68\x12\x04\x2c\x30\x2c\x2a\x63\x82\xbd\xd0\x70\x16\x0a\x08\x76\x0c\x07\xb8\xf4\x83\xa1\xd4\x0b\x5b\x31\x15\xfc\xfe\x8d\x1e\x1f\x05\xc2\x74\xcf\x89\xc0\x54\x72\x38\x3c\x3a\xe7\xe8\xf7\xef\xc7\xc7\xb2\x47\xc4\xe3\x44\xfd\xeb\xaa\xe3\x52\x0b\x3b\x4e\xd0\xc5\x81\x8f\x91\xeb\xef\xca\x7f\x5c\x75\x74\x42\x39\x5e\x59\xff\x77\xe9\x52\xe8\x52\x69\x23\xce\x98\xe3\x6e\xb1\xe7\x85\xe3\x80\x45\xa3\x31\x2a\x2f\x35\x49\x6c\x58\xb0\xfd\x80\x4d\x48\x38\x26\x11\x47\xfb\xef\x06\x3b\x5b\x57\xf4\x2a\xd4\x70\xd9\xfd\xe6\xf3\x30\x20\x78\x22\x15\x18\x12\x88\x6e\x64\x5c\x2d\x6f\x59\xf0\x13\x07\x0e\xea\xa2\xc7\x47\xed\xa0\xe9\x26\x0e\x9a\x25\x99\x45\x9f\xdc\x5b\xf4\x0f\x57\x8e\x97\xf4\xbe\x7c\x7c\xec\x8a\xff\x8b\x83\xbe\x64\xd5\x7a\x78\xca\xea\xb9\xea\x48\xc3\x8c\xc0\x04\xef\x5e\x1e\x3b\xc9\xf0\x9a\xd0\x9c\x5c\x89\xb5\x04\xdb\x63\x82\xb6\x8c\x23\x52\x8f\x31\xdf\xfc\xbc\x1e\xc3\x8e\xf9\x16\x3b\x37\xd8\xc3\x34\x36\xc8\x96\x4d\xd4\xe4\x36\x12\xed\x14\x9e\x38\xdd\xcc\x3a\x5d\xab\xfc\xbe\x65\x22\x27\xde\x47\x64\xc1\x42\x15\x7e\xd5\x11\x33\xfc\xe8\xe4\x42\x0c\x41\xaa\x04\xac\x85\x93\x77\x1b\x2f\x76\x73\x24\x66\x77\x0e\xcf\x8e\x67\xa5\x7f\x38\xb1\x6d\x36\xf1\xbb\xf1\x09\x4c\xa9\x9b\xb8\xf2\x0e\x77\x98\x7d\x47\x82\x9e\x06\xe9\x32\x5f\xf1\x6a\x3e\x7a\xbd\x19\x34\x28\xe9\xa7\x6b\x28\x71\x03\x4b\xbc\x94\xe3\x59\x56\x5c\x05\xe5\x3e\xcb\x89\xeb\x6b\x89\xbf\x6f\x0b\x87\xd7\x39\xbc\x7e\x67\x73\x73\x2e\x75\x0e\x47\xe5\xce\xed\xfb\xc8\x73\x69\xf4\x2b\x4e\xb5\x1c\x17\x72\x3d\x95\xd6\x33\x26\xa0\xca\xef\x59\x05\xc5\x14\xb3\x55\x7f\x97\x12\x7f\x5f\xab\x88\x80\xea\x67\x1c\xab\x2a\xf4\x2a\xb8\x30\xc8\x14\x67\x91\xe7\xa9\x1d\xee\x3e\x1a\xde\x9e\xb0\xf0\x2c\x20\x3c\xc3\xc7\x53\xee\x8b\xe4\xb9\x13\xb7\x70\xdc\x3d\x21\x13\x16\x3c\xec\xa3\xc1\xdb\xfe\x57\x37\xff\x35\x4a\xfc\x96\xa4\xd7\xd2\xa0\x9f\xf5\x5a\x4a\x8b\xc9\x96\x82\x83\x11\x57\xa7\xbf\x96\x92\x47\x1b\xb1\x94\xd2\x7d\xef\xc5\x8a\x48\xf6\x98\xb7\xe2\xf4\x2c\x1d\x38\x81\x00\x96\x4a\x65\xb6\x23\x7f\x0e\x56\x18\xe1\x6a\x1f\x1d\x9f\x05\xb9\xba\x92\x2f\x77\x26\x1d\x8e\x84\xf8\x4f\x8b\x51\x0d\xc9\x95\xed\x07\x2c\x64\x36\xf3\xf6\xd1\xb7\xa3\xb3\xf6\x45\x59\xa1\xed\x97\x17\x77\x79\x58\x57\x9c\x52\x4d\xf2\x05\x4e\x48\x18\xb8\x76\x45\xfb\x32\x05\x56\xfb\x9c\x95\xbb\x68\xe9\xf3\x8f\xbc\x4a\x88\x12\xdf\xac\xbd\xfe\x5e\xce\x4f\x8c\xdb\x63\x22\x1a\xf5\xe9\xf2\x32\xe3\xec\x58\xea\x64\xb6\x9b\xc9\x1c\xba\x13\xc2\xa2\x30\x79\xbb\x63\xbe\xe4\x91\x6d\x13\xce\x0d\xff\xb3\x41\x56\xed\xcb\xbb\xa7\xed\x64\x55\xd8\x0a\xe7\xb4\xda\x7e\xe7\x54\x5f\xa3\xdb\x83\xbd\x41\x93\x6e\xd7\xb9\x30\xc8\x9b\x0c\xce\x62\x2f\x86\x63\x6e\x63\x15\xca\x5e\xe2\xe6\x65\x46\x6b\xe6\x5a\x8a\x1d\xa7\xe0\xea\x70\x72\x7c\x79\xfd\xd7\xf0\xe4\x28\x8e\x49\xcd\xbe\x77\x02\x96\x3f\x39\xb3\x44\x63\xca\x96\xce\x39\x63\xe1\x07\xd7\x23\x7a\x4f\x94\x59\x48\x0e\xe5\x31\x34\x1d\x29\xe9\x1f\xbf\x29\x9e\x0b\x4f\x5d\xce\x53\xce\xf4\x8a\x8b\x1b\x21\x37\x24\x05\xe8\x8f\x03\x78\x62\xa8\xc9\xa1\xb7\xfa\xac\xe9\xdb\x9a\x0d\x98\xde\xe2\x95\xea\xb3\xa6\x12\x55\xad\xd0\x16\x55\xab\x74\x93\xa1\xf4\xa7\x40\x06\xc9\xc8\x35\xdd\x29\x4b\xc1\xed\x00\xfb\xb5\x9b\xe7\x26\x6a\x72\xac\x65\x69\x9d\x29\xef\x0c\xdb\x42\xa7\xce\xea\x1c\xa5\x95\xeb\xca\x86\x67\xfb\xe6\xee\xf0\xe4\xe2\x42\x6e\x7d\x94\x7c\x4b\xf1\xd7\xca\x83\xab\x9f\x01\xcd\x02\xc8\x5a\x65\x08\x5a\x95\x47\x03\x9f\x55\x06\x92\x7e\x0e\x4d\x73\xb9\x16\xb3\xdf\xb1\x70\x14\x32\xb1\xac\x95\x1a\xd1\x3a\xe4\xb5\xa4\x94\xd9\xe2\x5f\x4b\x9b\x33\x47\x80\x69\x69\x79\x89\xd6\xbf\x00\x1d\x3e\x53\x74\x51\x9d\x9f\x43\x01\x7e\xf5\x4a\x6a\xd9\x56\xa8\x76\x07\x53\x55\x50\xfd\xee\x65\x06\x1d\x39\x3f\x9d\x50\x99\x9a\x7c\x10\x85\xec\x42\x26\x2a\x28\xcc\xad\xbd\xf2\xb5\x86\x7b\xd5\xd9\xec\x4f\xf2\x2e\xbb\xc8\x50\x74\xaf\x3a\x03\xa1\xea\x1a\x29\x62\x6f\x47\x33\x8f\x85\x12\xa4\xf5\x03\x26\x00\xc6\x65\x14\x7b\x85\x55\x12\xa7\xb6\xac\x04\x10\xde\xe7\xf0\xc0\x4c\xa4\x04\xe3\x04\xfb\xef\xab\x96\x5d\x9a\x36\xc4\xc1\x88\x84\xef\x53\x74\x2a\xd3\x8a\x25\xeb\x0b\x8d\x81\x1a\xb9\x5c\x3b\x94\x7a\x22\xb3\x32\x2b\xff\x77\x79\x77\xd2\x84\x05\x44\x2e\x48\xfe\x3f\x84\x2e\x2f\xff\x75\x46\x82\x73\xe2\x7b\xae\x8d\xaf\x3a\x88\x8f\x59\xe4\x39\xc8\x61\x32\x1a\x32\xeb\xb5\x2c\xb9\x6d\x54\xc1\x7c\x82\x3d\x4f\x15\xbc\xa1\xe3\x4c\xa7\x95\xa3\x4c\x36\x5f\x5c\x4a\x70\x70\x90\x74\xf7\x0c\x07\x78\xc2\xb3\x7e\xa7\xa2\xdb\xda\xf6\x60\xf9\xf2\xfd\xfb\xc7\xab\x8e\x27\x73\x5e\x75\xf6\x1f\x1f\x2b\x4b\x29\x58\x76\x9a\x15\x58\x32\x10\xfb\x83\xcd\xbd\x8d\x92\x8e\xed\x6f\x6f\x5c\x75\x26\x2e\x15\x29\x36\xae\x3a\xbe\xba\x29\xec\xc2\xa5\x23\x8f\x9c\x31\x97\x86\x1f\x94\xce\x7a\xd5\xd9\x97\x5c\x1b\xc5\x60\xec\xb8\x41\x1e\x1b\x85\x8c\x87\x0e\x09\x82\xf7\x79\x5f\x57\xf1\xfe\xfe\xfd\x66\x13\xdc\x9d\xae\xee\x34\x38\xe2\x69\x28\xd5\x64\x5d\x8b\xbe\xfa\x3d\x6b\x9a\xcf\xb4\xa4\x15\x71\xa9\xe4\x9a\x94\x07\x28\xf1\x3b\x75\x8a\x22\x9e\x2b\x07\x7e\x31\x53\xd5\x99\x8c\x4a\xd1\xb0\xd0\x40\x7d\x7b\xd1\x15\x1d\xb2\xed\x91\x80\xf7\x64\x23\x4b\xea\x1a\x11\x5d\x95\x26\x3c\x2c\xaf\x2b\x3d\x4c\xbd\xea\x6c\x5c\x75\x84\x2e\x52\x51\x7d\x1a\xfc\x98\xd4\x29\x4a\xd7\xad\xe2\x24\x9c\xb7\x29\x15\xf5\x26\x20\x55\x36\xa0\x49\xc9\x9a\x00\x52\xa4\x28\x9f\x1d\x8b\xb9\x70\xbe\x66\x92\x18\x47\x39\x52\xb4\x56\x1c\xe6\xd4\xcf\xf8\xea\x39\x6f\x9e\x43\x35\x3e\x60\xca\x95\xde\xe8\xfc\x2a\x55\x89\x4a\x4e\x7c\xdf\xc2\x89\x2f\x9c\xf8\xc2\x89\x2f\x9c\xf8\xb6\x3c\xf1\xcd\x9e\xaf\x7a\x78\x42\x9c\xc8\xbe\x43\x3b\x46\xc2\x8c\xb6\x0d\xa7\xc2\x70\x2a\xbc\x66\xa7\xc2\xb1\x22\xa4\x6d\xc7\x70\x48\x0c\x87\xc4\x70\x48\x0c\x87\xc4\xab\xb4\xbf\x49\x19\x75\x40\x43\x77\xf1\x5d\xb6\xd4\x92\x2e\xf9\xea\xf1\xaf\x79\x87\x35\x16\xd4\xf7\xac\x96\x18\x4f\x6c\xfd\x12\x20\xc9\x46\xdc\x23\xb9\xda\x7c\xe6\xb1\xd1\xc3\x67\x59\x5b\x66\x50\xe3\x1b\xe1\xaf\xa6\xdb\x0c\xe1\x5c\x1d\xce\xd5\xe1\x5c\x1d\xce\xd5\xcd\x3c\x70\xae\x6e\xf6\x10\xce\xd5\x8b\x29\xe0\x5c\x1d\xce\xd5\xe1\x5c\x1d\xce\xd5\xe1\x5c\x1d\xce\xd5\xe1\x5c\xfd\x15\x9f\xab\x8b\xa2\x15\x1e\xbf\xaf\x47\x02\x79\xea\xbe\x51\x0a\x84\xef\x33\x38\x88\xe0\xc4\x1e\x4e\xec\xe1\xc4\x1e\x4e\xec\x5b\x9c\xd8\xef\x3d\x9b\x03\xfb\x82\x76\xda\x6a\xc7\x23\x37\xcd\x8c\x4e\x30\xc5\x23\x12\xe4\x80\x72\xc2\x1c\xb2\x8f\xce\x89\xcd\xa8\x5d\xbe\x47\x7c\x32\xe7\x80\x76\xed\x06\x67\x82\xf5\x75\x26\x68\xf0\xa5\x8f\x29\x8f\x02\x92\x2a\xd7\xe0\x7f\x30\x33\x78\xb4\x1c\xeb\xc5\x45\xac\x3f\x77\x67\x84\x48\x9f\xfe\x5f\x65\xec\xac\x8d\x1d\x14\x10\x0a\x43\x2f\x73\x76\x0f\x2e\x0b\x6b\xed\xb2\x30\x45\xae\xb6\x93\x4e\x10\x25\x0f\x0e\x10\xd3\x2d\x81\xe0\x00\x01\x0e\x10\x10\x25\x0f\xa7\xf9\x70\x9a\x0f\xa7\xf9\xf1\xcb\x59\x4f\xf3\xe7\xef\x37\x1c\xe7\xc7\x15\xc0\x71\xfe\x33\x3d\xce\x5f\xa2\x12\x0e\xc7\xff\x70\xfc\x0f\xc7\xff\xeb\xad\xd5\xc2\xf1\xbf\xf1\x83\xe3\x7f\x38\xfe\x5f\xcd\xf1\xff\xcb\x8a\x99\xaf\x3d\xdb\x58\xa0\x7e\x02\x27\xfd\x4b\x39\xe9\x87\x03\x7e\x38\xe0\x4f\x0f\xf8\xe3\xcb\x8b\xee\x07\xdd\xc1\x8e\x3a\xe1\x6f\x88\x36\x73\xac\x4c\xcd\xb1\x5f\xf2\x09\x92\xab\xfd\xaa\x16\xe3\x9f\xe9\x54\xfe\xb3\x64\x46\xfd\xe9\x33\x27\xde\xa6\xc7\x17\x2b\xfc\x99\x9b\x58\x7f\x46\x9c\xe4\xf3\xca\xe3\x22\x99\x9f\xfb\xdd\xf8\xb2\xa8\x88\xa6\xb7\xf7\xfd\x59\x98\xd5\xa9\x06\x93\xde\x8a\x5c\xd4\x42\xd2\x23\x72\xf3\x10\x5b\xbd\x19\x91\x70\xd6\x42\x93\x83\xf1\x62\xa9\xf1\x71\xbb\xfa\x4b\x1f\xb9\xcf\x51\x4b\x8f\x87\x38\x8c\x2a\x2a\xf3\xf5\x89\xfe\x62\x56\x65\x93\x79\xb1\xd0\x23\xed\xa4\xd8\x16\x67\xd9\xc6\xed\x93\x8d\x19\x25\x5a\x49\xe3\x06\x15\x24\xca\x44\xa1\xa6\x74\x79\xe4\xef\xb2\x38\x93\x57\x11\xcb\x95\x11\xdf\x46\x52\x52\x79\xd5\xfc\x2f\xb7\x81\x34\x3a\x5b\x92\xa6\x31\xe2\x9c\x05\xec\xd6\xf5\xe2\x95\x96\x3d\x6a\x6a\x51\x9a\xce\x61\x94\x56\x5e\x18\xf6\x7d\x1c\x4c\x58\x90\x96\x56\xb2\x43\x2c\x6d\x5a\x10\xd1\xd0\x9d\x90\x19\x8a\x2b\x6b\x5b\xa1\xb4\x64\x17\x6f\x5e\x0d\x9a\x18\x09\xb3\xd6\x36\x2b\x35\xa5\xc5\x0f\x38\xb1\x83\xf8\x4a\x14\x0b\x91\x89\x1f\x3e\x1c\xc5\x57\xe5\x59\xc9\x05\x71\xf2\x73\xa9\xce\x7d\xd2\x8f\xd2\x32\x7d\x1c\x8e\xcf\x02\x72\xeb\xfe\xda\x4f\xec\xfa\xc9\xe5\x79\x9d\x9a\x54\x99\xdb\x57\xab\x12\x06\x51\x72\xa3\x6a\xec\xd4\x53\x6e\x7e\x4c\xfa\x2c\xaf\xe9\x0b\xb8\xbc\x7e\x59\x5e\x82\x22\xc1\x26\x88\xe8\x01\x17\x2f\x62\x4f\x9c\xc8\x13\xfa\xa1\x78\x7a\x40\x65\x58\x16\x8f\x7c\xdf\x23\x42\x69\xc1\x5e\x06\xd9\x8a\x49\x6f\xb9\x42\x8a\xaa\xf7\x6f\x50\x62\xbb\x45\xa9\xf1\x36\x19\xc5\x7a\xc3\xae\xfe\xb4\x07\xd3\x53\xbe\x41\x87\x86\xf1\xd7\xf8\x48\xe6\x63\x21\x86\x4e\x8e\x2f\xaf\x0f\x8e\xbe\x0e\x4f\x94\xdc\x89\x6b\x70\xf2\x09\xff\xad\x06\x58\x9b\x2a\x02\xe6\x97\xbd\x7f\x23\x6f\x86\xc9\x79\x68\xc9\x99\x32\x3c\x32\x1a\x27\x9e\x0c\xcf\x0e\x73\x4f\xf4\x35\x3c\xa9\xb5\x58\x66\x34\x8c\x78\x13\x97\xee\x23\x6d\x3f\x9f\xe0\x5f\xfb\x68\x77\x67\x67\x6b\x47\xd5\x7b\x71\xfc\x25\xb6\xbf\x70\x22\xff\xa9\xbf\x40\xf2\x4a\x6e\x41\x29\x27\x0e\x72\x29\x3a\xc4\xf8\xe2\xcc\xfc\x44\x7f\xc6\xdf\xe8\xcf\xac\x8c\x49\x17\x45\x1e\x65\xab\x0c\xbc\xb9\x4b\x1a\x1b\xee\x6d\x42\x97\x04\xca\xfe\x92\xa0\x80\x81\xcf\x49\x3d\x36\x75\xe5\x56\xbd\xfb\x7f\xb8\x68\x87\xf6\x07\x4a\xbc\x6c\xae\x3a\x32\x4e\xb8\x23\x96\x87\x7d\x13\xf4\xaf\x3a\x1b\xe9\x2b\x9b\xc6\x1d\xb8\xea\xec\x5f\x75\xfa\xdd\xad\xee\x20\x93\xc0\xf7\xa2\x91\x2b\x14\x77\xa1\x13\x27\xbb\xc3\x8c\x0b\xcf\x55\x27\x7c\xf0\x75\x05\xc9\xd2\xdb\xc8\xa6\x70\x88\x47\x46\x52\x8b\xde\xcf\x66\x16\x2f\xc7\xd8\x0d\x7c\x97\x7e\x15\x1d\xed\xa8\x4f\xbd\x91\x4f\xe3\x72\x7d\x30\xf0\x11\x87\xe4\x27\x7e\x88\x13\x9a\xe9\x8c\xed\xed\xef\x8d\x06\x8d\xf5\x59\x10\x4e\xb0\x5f\x68\xac\x79\x44\x52\xda\x60\x91\xf1\xab\x72\xa0\xe3\xd3\x1a\x12\xff\x53\xab\x7c\xf2\x6f\x4a\xc2\xfa\x2f\xa6\xa7\xbd\x6a\x66\x6a\xcc\x3e\x1c\x1e\x9d\xff\xfe\x9d\xf9\x3e\x7f\xe9\xeb\xac\xb3\xcd\xbc\xea\x5c\x26\xbd\x7c\x7c\xec\xea\x0b\xa9\x75\xda\xae\x78\x97\x29\x46\x64\xf8\x7e\x32\x94\x85\x14\x52\x7f\x3f\x19\xfe\xfe\x9d\x49\x2a\xd6\x5f\x79\x5a\xf1\x26\xb5\x32\xfc\x4e\xba\xdc\x42\x51\x38\xc2\x64\xc2\xa8\xbc\x77\x6b\xca\x6a\x9a\x63\x25\x25\xf6\xe4\x54\x05\x8b\xe5\x62\x6b\xdb\x74\xbe\xec\xf2\xf2\x51\xde\x97\x65\x4d\xad\xc1\xa5\x86\xee\x62\x6a\xd3\x0a\x7b\xc2\xc2\x5a\x12\x84\xb2\x57\x72\xf3\xe0\x52\x87\xfd\x4c\x0a\x2f\x11\x07\xca\x56\x67\x7a\x9d\x4c\x31\xd4\x2f\xc7\x69\x25\x67\x5c\x2b\x37\x73\x57\x59\xa5\xe7\x39\xb2\xc8\x5d\x45\x9f\x6b\x47\x8d\xbd\xbb\xfc\x22\xfb\xd4\xe2\x5d\x30\x70\x17\xad\xce\x16\x2a\xde\x60\x9f\xbc\x94\x2e\x1c\x66\xda\xf4\x5a\xfb\xcc\xc3\xfc\xe5\xf6\xc6\xd8\x2b\x6f\xcc\xf8\x2a\x7d\x1a\x92\xe0\x16\xdb\x99\x36\xc9\x52\xc5\xc3\xf7\x29\x10\x95\x26\x2c\x18\x3f\xcb\xcd\xf5\x75\xbe\x2b\x57\x1d\xe9\xbd\x92\xb3\xd4\xa7\x56\xfa\x9d\x9c\x95\xbe\xc2\x6f\x66\xa6\xb2\xea\x0e\xfe\x4b\xb5\xf8\xa4\xb6\xea\xa3\x7e\x79\xd6\x8f\xfe\x75\xd5\x49\x54\xbd\x0c\xfd\x08\xa1\xf7\x25\x27\xee\xf1\xc5\xfc\x66\x51\x55\x37\xcb\x57\xde\xc5\x5f\x75\x0f\x7f\x75\x75\x17\x67\xb9\xdb\xf7\x17\x56\x67\xee\xee\xff\x29\x0e\x44\xb9\xbb\xba\x2b\x2f\xa8\x37\xee\x12\xaf\x4a\x5f\x71\x63\xf8\x94\x3b\xbd\x1b\x5d\x6b\x1f\x97\xa1\x6f\x4e\xb7\x32\xad\x30\xce\xb4\x4e\x86\x95\x8b\x5c\xcc\x8b\x9e\x91\xbf\xcb\xc7\x35\xb3\xe3\x0d\xba\x1c\x13\x74\x78\x32\x8c\xef\x0c\xd5\xbb\x46\xf3\xfa\x76\x46\x11\xc1\xf6\x18\x55\xdc\x74\x7f\x78\x32\xbc\x3e\x39\xbe\xfc\x71\x7a\xfe\xf9\xfa\xf0\xf4\xe4\xc3\xf0\x63\x93\xcf\x9d\x6c\x4e\x3f\x93\x87\xb2\xaf\x5e\xad\x7f\x9b\x3f\x29\xd5\x32\x2a\x74\x79\xfb\x44\xbb\xca\x67\xbf\x5a\xd1\x71\x1d\xd2\x41\x5b\xd9\xe0\x1b\xcf\xac\x9a\x99\x22\xa4\xde\xb4\xe9\x22\xd2\x58\xfa\x2e\xfc\xda\x72\x8c\xab\xef\x93\xf9\x52\xed\x60\x33\xff\xdd\xf4\xb9\x7e\xcd\x74\x8b\xfe\x5c\xf7\xdc\x57\x7f\xfc\x69\x63\x57\xdf\x56\x63\x20\xc5\xfb\x28\xe3\xf4\xfd\xdc\x1c\xc5\x37\xfb\xff\xcd\xd0\x51\x4a\x2c\xef\xbb\x60\x79\x07\xcb\x3b\x58\xde\xd7\xda\xf2\xae\x2e\xea\x06\xab\x3b\x58\xdd\xc1\xea\x0e\x56\x77\xb0\xba\x83\xd5\x1d\xac\xee\x60\x75\x9f\xe2\x4a\xfe\xc4\xa6\xf6\x36\x8e\xe4\x46\x43\xc0\x42\x0f\x16\xfa\x24\x31\x58\xe8\x51\x5c\x16\x58\xe8\xc1\x42\x0f\x16\x7a\xa3\x60\xb0\xd0\xab\x1f\x58\xe8\xc1\x42\x0f\x16\xfa\x35\xb6\xd0\xef\xcd\x67\xa0\x5f\x4c\x7c\xc2\x1a\x9a\x62\x17\x1d\xbe\x33\xe5\x94\x22\x05\x78\x38\x19\xd0\xa1\x1e\xf9\x49\xb9\x48\x23\x8e\xbe\x3a\x45\x7f\xf1\x62\x44\xfb\x82\x0d\x39\xf3\xd9\x71\xa6\x9a\x71\x1a\x59\x71\x0a\x36\x91\x5b\x16\xd8\xe4\xc0\x71\xc4\xb6\x50\x53\xf9\x36\x31\xe2\xcc\x65\xc3\x69\x6c\xc2\x99\x66\xc1\x01\x03\xce\x33\x70\x9b\x6c\xbb\x8a\xc0\x75\xd2\xfc\x3d\x77\xc3\xcc\xf3\xb4\xbf\x34\xb0\x94\x2c\xd2\x34\xb2\x78\xfe\x2b\x69\x25\xd8\xaa\xe4\xb3\xda\xe9\xf7\xbf\xe6\x27\x61\x25\x2b\xd6\x4e\x55\x29\xbb\xdb\x5f\xcd\xa1\x9e\x6e\x6e\xc9\xec\x0e\x0b\xa6\x9f\xce\xc6\x55\x27\x35\xf2\xa8\xbf\xf2\xd6\x1d\x9d\xa6\xc6\x64\x63\xee\x32\x63\xde\xca\x05\xb7\x21\x5f\x43\xd6\x32\xd4\xd4\xd6\x92\x15\x2e\x60\x2e\x01\x73\x09\x98\x4b\x5e\x85\xb9\xa4\xf4\x00\x1b\x55\x58\xfd\x35\xac\x8e\x08\x8a\x95\x45\xad\x6b\xa1\xab\xce\xfd\xa0\x3b\xd8\x94\xdc\xc5\xe9\x54\xac\xa6\xe0\xac\x66\xa4\x69\x96\x2b\x47\x7e\x53\xc2\x09\x3c\x85\x8f\x47\xf3\x35\xf8\x1e\xa6\x0d\xc8\x70\xea\x1b\x5c\x5b\x11\x09\x6d\xa7\x5d\x05\x65\x7d\xcb\xb0\x2a\x19\x35\xe6\x2a\xa3\x2c\xb4\x72\x37\xe1\xcd\xc2\xfd\x03\x36\xb4\xd7\x65\x43\x5b\xba\x27\x9e\x36\xd2\x89\x67\xfa\x86\x8a\xd8\x8d\x76\x4e\x02\xb7\x98\xd1\x6e\x4e\x06\xb7\xd2\x62\x66\x3a\x79\xaf\x68\xd0\xfc\xc4\xd1\x55\x24\x6e\x2a\x39\x6c\xf2\x5a\x9e\xbe\x17\x9a\xb2\x38\xe2\xb6\xb2\xfd\x5a\xe5\x57\x5c\x5f\x9e\xb7\xcf\xd1\xcd\x2b\xe7\x79\xab\xf9\xa8\xa8\x92\xe8\x2d\x4f\x04\x8f\x80\xe9\x6d\x2d\x2f\x7a\x6b\x44\x06\x37\x9f\x60\x9d\x53\xb8\x2d\x8b\xeb\x6d\xf9\x91\x2f\x75\x8c\x5f\xa5\x83\xf2\x4a\xe8\xe0\xe0\xe2\xb7\xb9\x66\x49\x4b\x62\xb8\x4a\x78\x5f\x0c\x33\x5c\x45\xf1\x2d\xa9\xe1\x16\x85\x31\xcf\x01\x58\x16\xb4\x17\x98\x67\x03\xb0\xe4\x1e\x26\x3a\xfb\x1b\x14\x2f\x4b\xa1\x79\x86\x52\x99\x77\x6f\x5d\xe2\xa0\x31\x09\x88\x4e\x32\xe8\xa2\x21\x45\x2c\x70\x48\x80\x42\x86\x26\xf8\x8e\x20\x79\x55\x0a\xfa\xaa\xaa\x43\x0e\x93\xb9\x83\xb8\x06\x14\x8e\x5d\x9e\x14\x8d\xa4\xb0\x24\x21\x09\xba\xaa\xc0\xcd\x6e\x4c\x18\x2f\x74\x8c\x81\x7e\xba\xd5\x45\x3f\x5c\xcf\x43\x37\x04\x85\x11\x55\x71\x06\x01\xc1\x9e\xbc\x16\x40\x20\xfd\xd1\xc9\x05\x92\x93\x50\xa8\x8a\x9e\x54\x0b\x2d\x31\x61\x85\x26\xe1\x72\x14\x46\x81\xc8\xc5\xa8\x2c\x6f\x69\x17\x00\x55\x6e\x6c\x2f\xa2\x40\xa8\xa4\x03\xb1\xa5\x4d\x1e\x66\x76\xbb\xfd\xf5\xb8\xfc\x47\xeb\xec\x41\x69\x54\x57\x7c\x57\x8f\xa5\xae\xff\xc9\x5e\xf8\xf3\x3c\x0f\xae\x4a\x36\xa5\x3e\x73\x0e\x68\xe8\x96\xee\x4b\xfd\x80\xdc\x92\x60\xb6\x8d\xa9\x85\x7e\x12\x77\x34\x0e\xe5\xbd\x29\x39\xf3\x0c\x73\xe2\xea\xc4\x86\xb5\xb0\xe9\x90\x9f\xad\x84\xa4\x3c\xfe\x35\xd8\xcd\x26\x9b\x48\xfd\xc5\xcb\xf7\xa0\xe9\x0e\xac\x7c\x03\x9b\x6c\x61\x85\xdc\x4c\xa6\x8c\x69\x79\x57\xbf\x90\xf9\xcc\x63\xa3\x87\xcf\xb2\xc6\xcc\x24\x19\x33\x1e\x66\x4f\x53\xc0\x0a\x90\xa9\x6f\x75\x56\x80\xf2\x6d\x7d\xa3\x8b\xaf\xea\xae\xbd\x5a\xa1\x65\x20\x6f\x05\xb6\xf2\x7a\x91\x52\xfc\xcc\x4d\x78\x99\xdd\xb5\x28\x9c\xd3\x8a\xd5\x8e\x3c\x7b\xf0\x30\xe5\x2c\xbb\xe2\x36\x27\x6d\x8d\x68\x68\x83\x78\x83\x2e\x4f\x8f\x4e\x85\x82\x14\x6a\xa3\x82\x3e\xb9\x46\x3f\xc5\x46\xfc\x27\xf9\xf3\x9e\x20\x5f\x05\xa9\x3a\x28\x1c\x93\xb4\x55\xe8\x96\x05\x6a\x63\x9e\x2d\x50\x6b\x09\x7c\x43\x24\xa7\x88\x93\x30\xb6\x73\xa0\xf7\xaa\x70\x21\xc3\xef\x08\xf1\x95\x90\x4e\x0b\xcc\x1a\x99\xdf\xa0\x51\x84\x03\x4c\x43\x42\x1c\x64\x7b\x98\xf3\x2e\x3a\x8c\x82\x80\xd0\xd0\x7b\xd8\xc8\xe7\xbd\xc5\x9e\xc7\x91\x4b\x43\x26\xaa\xcd\x96\x73\xd5\xb9\x89\x02\x1e\x0a\x11\x78\xd5\x41\xb6\x90\xb0\xa2\xa3\x5c\x26\x95\x63\xe9\x91\x10\x39\x8c\x70\xfa\x67\x88\x6e\xb0\x7d\xc7\x6e\x6f\xd1\x6d\xc0\x26\x62\xd4\x42\x1c\x84\x52\xc0\x87\x19\x23\xc2\xea\x2f\xb8\x9a\xeb\xea\x24\x7b\x4c\xec\xbb\x5e\x61\xde\xa0\xe4\x66\x91\x41\xbf\xbf\xb3\x9d\x7d\xf1\x92\x2e\x52\x4a\xf2\x95\xf5\x7d\xaf\xbf\x37\x68\xd6\xf5\x37\xe8\x27\x41\x3e\x53\x47\xb9\x3e\x73\x90\x9c\x1e\x91\x2f\x17\x83\x98\x4d\x9f\xd3\xfb\x51\x27\x58\x1a\xb1\xb4\xb6\x8c\x30\x75\xb2\x25\x31\xea\x3d\x88\xe5\x11\xf9\x32\x67\xda\x44\x59\x2b\x52\x17\x81\x22\x46\x6d\xa1\xcd\xe2\xf0\x4f\x8e\x12\x4d\xae\x3b\xf5\x73\x6c\x35\xfc\x1a\x25\x01\x3d\x8e\xbc\xcd\xf5\x7d\xf1\x7a\xd7\x6e\x2e\x1d\xe5\x96\x18\xbf\xf7\x62\xea\x6c\x65\xdf\xe9\x5b\x96\x1c\x37\x78\xdf\xab\x84\xc9\xc4\x3a\x14\x3f\xa8\x70\xb7\x38\x3f\xfd\x7a\x7c\xf9\xe9\xf8\xdb\xc5\xf5\xd9\xe9\xf9\xa5\xd9\x31\xe3\xdc\xb9\xbf\xb3\x63\x8a\x8e\xa9\x57\xac\xe5\x1a\x6d\x5e\x8d\xe6\x31\x79\x15\xa4\x31\x4b\x1a\xde\xb5\x56\x53\x66\x68\xfb\x75\xe5\xd6\x5f\xba\xa6\x7a\x57\x28\xb7\xf9\xad\x6b\x53\xce\xdd\x2b\xbf\x50\xf6\xec\xbc\x22\x99\x71\xc5\x51\x36\x10\x2c\x15\x4a\x47\x27\x17\x5f\x31\xff\xbb\x20\x94\x16\x00\x69\x85\x5a\xd1\xba\x41\x5a\x71\x09\x66\x16\x85\x85\x4c\x13\x6b\xe6\xb9\xfa\x0e\x47\x62\x91\x49\x3f\x98\x3d\x2e\x86\x23\x1e\x12\x8b\x62\x4a\x1f\x32\x19\xb4\x38\x3b\x52\x09\x72\xe6\x5a\xb1\x1c\x33\x7f\xdd\xe5\xd6\x34\xb6\xc7\xc4\xe2\xee\x7f\x88\x58\xf1\xfd\xec\x4b\x8f\x8d\xac\x5b\x6c\xbb\x9e\x1b\x3e\xbc\xcf\x16\x63\x29\x24\x7b\xdf\x2b\x22\x4a\x6f\xb0\xf9\xb6\xdb\xef\xf6\xbb\x83\x37\x7a\xed\xa4\x37\x2a\xe7\x6e\x8c\x8e\x5f\xa9\xdd\x5a\xf1\x6d\x45\x85\xd5\x75\xc4\x7b\xb5\x8a\x8b\x94\xcd\x72\xcc\x4b\xa3\x8b\xc5\x95\xe6\xd0\x37\x4b\x4f\xab\xdc\x9c\xb0\xb5\x70\xf5\x6c\x6e\x84\x7c\x83\x38\x21\xfb\x72\x7d\xf2\xfd\x5e\x6f\xe4\x86\xe3\xe8\xa6\x6b\xb3\x49\x2f\xdd\x28\x98\xff\x74\x39\x8f\x08\xef\x6d\xbe\xeb\xef\xec\x48\x29\xe9\x90\x10\xbb\x1e\x9f\xa6\x99\xce\xe6\xfc\xb8\x99\xd1\x98\x16\x03\x7b\x53\x97\x56\x5c\x1e\x77\x1d\x62\xe3\xba\x33\xc2\x0b\x95\x62\x51\x38\x58\x22\x00\xd6\x1e\xfb\x0a\xe0\x57\x89\x7e\x96\x2f\x46\xeb\xbd\xd6\x69\x37\x92\x95\xb6\x2f\x57\xda\x86\xb1\x6f\xd5\x67\x66\x5d\x7e\x6f\x77\x8b\x20\xb4\xb1\xb3\x71\x50\x56\xb0\xfe\xd6\x46\xc1\xb3\x97\xda\x48\x1d\xd9\x9e\x47\xc4\xb7\x5a\x45\xe5\xcb\x05\xa5\x3b\x92\x64\x79\x15\xaf\xd8\x14\x10\x70\xc4\xc4\x4e\x29\xe2\x24\x39\xaa\x3d\x3a\xb9\x48\xd4\xc3\xba\x73\xff\x25\xdf\x78\xf9\x4c\xef\xa6\xd4\xcb\x7f\xed\xef\xa6\xac\xf9\x76\x46\x8c\xd6\x8c\x5f\x4f\x67\x89\xe5\xff\x37\x9f\x87\x01\xc1\x13\x49\xb5\x25\xfb\x1b\x0b\xfa\xa8\xf8\x26\x09\xeb\xf9\xd7\xe3\xa3\xb6\xe7\xba\x89\x3d\xb7\xa4\xa4\xdf\xbf\xa5\xa5\xf8\x1f\xee\xef\xdf\x1b\x31\x8d\xc0\xe3\xa3\x1f\xb8\x34\xbc\x45\x57\x9d\xff\xf6\xf7\x55\x07\x75\xc5\x23\xf9\xe6\xdf\xd9\x83\xa6\xb8\x85\x17\x61\x74\xa3\x96\x7b\xdc\x32\x9e\x3e\x49\x03\x8d\x1e\xd1\x47\x12\x7e\x56\x28\x65\x66\x29\xe4\x2f\xdc\x73\x64\xb8\x89\xed\xd5\x7b\x89\x65\x83\x7a\x9e\x81\xab\x18\xf8\x79\xe5\x13\xbd\x5c\x0b\x2f\xf8\x79\xe9\x1f\xf8\x79\x81\x9f\xd7\x33\xf6\xf3\x02\x27\x2e\x70\xe2\x7a\x46\x4e\x5c\xe0\xbb\x05\xbe\x5b\xaf\xc0\x77\xab\x26\xf8\x1e\xdc\xb8\xc0\x8d\x0b\xdc\xb8\xc0\x8d\x0b\xdc\xb8\xc0\x8d\xeb\xb9\x6f\xf2\xc1\x8d\x4b\xff\xc0\x8d\x0b\xdc\xb8\xc0\x8d\x0b\xdc\xb8\xe2\x92\xc0\x8d\x0b\xdc\xb8\xc0\x8d\x0b\xdc\xb8\xc0\x8d\x0b\xdc\xb8\xc0\x8d\x0b\xdc\xb8\xc0\x8d\x0b\xdc\xb8\xd2\x61\x03\x37\xae\xb5\x33\x6a\x17\x0b\x07\x37\x2e\x70\xe3\x9a\xc3\x8d\x4b\xaf\x7e\xd5\xe6\xf6\xc4\xfc\x2d\xaf\x43\xad\x3e\x93\x2c\xf9\xa0\xba\x69\x5a\xe1\xd9\xd7\xa7\x7a\xa2\x02\x4b\xf3\x87\xb3\x60\xd1\xd4\xfd\x15\x95\xb4\x20\xf2\xcf\xb6\xba\x6e\x32\xce\x3e\x80\xed\x46\xce\x92\xbd\x11\x5b\xff\xfa\xf6\xcc\x3c\x92\xd9\x21\x4c\xce\x14\x2d\xec\xbb\x46\x0b\x08\x0d\xf5\x91\x7d\xd2\x96\xa7\x1f\xd6\x52\xe7\x89\xea\x53\xef\x7c\x2b\x62\x6f\x88\xfc\xbd\x03\xe9\x9d\x03\x59\x99\x99\x5e\x94\x60\xdc\x6e\x60\x5e\x41\xc0\x53\xd0\x4c\xef\xb8\x4c\xef\x23\x30\xae\x53\x88\x6f\x40\x48\x6e\x3f\x28\x6b\x83\xe9\xd2\x50\xd6\x1a\xc3\xa3\xa1\x45\x45\x73\x0e\x70\xdd\xcc\xad\x1a\xe7\x65\x2c\xf2\x7c\x25\x4b\x99\x8d\xb5\x8e\x04\xd8\x77\x03\x32\x72\xe5\x31\x6e\xf5\x6a\x3f\x38\x1b\xd6\x69\x2d\x3a\x75\x57\xb7\x29\x19\x02\x43\x0b\x50\x6a\x87\x92\x15\x55\x1d\xa8\x53\x79\x46\x6a\xbc\xf3\x35\xc8\x09\x13\x0b\x69\xdd\x64\xa1\xeb\x4b\x3e\x6b\x72\x71\xe7\xfa\x97\x5f\x2e\xbe\x93\xc0\xbd\x7d\x48\x8f\x1d\x64\x59\x67\x81\xcb\x02\x37\x7c\xf8\xea\x52\x77\x12\x4d\x92\x93\x44\x5d\x5e\xfc\x5a\x3f\x9f\xcf\x01\x63\x0e\xe4\x68\x47\x6d\xd3\xbc\xa2\x2a\x25\xb2\x30\x23\xcd\x13\x67\xed\x36\xa7\xfd\xfb\x52\x97\x86\xc7\xc7\xcc\xab\x19\x0f\xdf\xf3\x55\x57\xf9\x13\xe4\x9c\x0e\x1a\x3b\x17\xc4\x6d\x9a\x76\xb0\x5f\x3d\x3d\xeb\x0e\xfd\xcb\xd2\x83\x4b\x76\xf6\xf7\x0c\x4e\x6b\x9f\xa7\xeb\x44\xd9\x5e\xb2\x7c\x02\x3e\x5f\xef\xf0\xf2\xf6\x1a\xe6\x21\xd4\xfd\xaa\x92\xa8\x7d\x9d\x34\x0f\xa1\xda\x1b\x25\x0e\xbc\x9f\xf8\xc1\x98\x0f\xa5\xb7\x71\x56\xd5\x6b\x6c\x1f\x0c\xf6\xf1\x7e\x77\x2b\x43\x3e\x8e\x92\xfb\x38\x3d\x12\x5a\xb1\xe0\xb0\x42\xd3\x74\x67\xa6\x48\xbc\x56\xa4\xad\x94\x70\x6e\x85\x0f\x3e\xe1\xef\xe5\x6d\x0e\x14\x7b\xc3\xb3\xab\xe9\x66\x9d\x6a\x53\xac\x54\x8d\xde\x1b\xd3\x9b\x47\x93\x09\x0e\x1e\xae\xb1\xef\xee\xc7\xd6\xc8\x72\xeb\xcc\xff\xa7\x9b\xf8\x49\xa4\x52\x46\xef\xa8\xdf\xdf\xdc\xd5\x8f\xcf\xd4\x19\xd6\xe6\x4e\x5f\x3d\x8e\x38\xc9\x4a\x2e\x23\x4b\x3c\x0c\x39\xd3\x79\x99\x49\xd7\x5c\x1e\x7a\x75\x9c\xca\x73\xfe\xbc\xbd\x1a\x59\x56\xbc\x3a\xde\x27\x4b\xc3\x2c\xa6\xb9\xaf\xe3\x82\x45\x5f\xa9\x2d\xe3\x6b\xb6\xb8\x26\x26\x8d\x62\x0b\x4c\xa3\x85\xb2\x38\x6c\x6f\x97\x9b\x1c\xe4\xd2\x96\xb1\x01\x67\x69\x3a\xbd\x3f\xa6\x23\x97\xfe\x72\xe9\x48\xce\xb6\xfb\x41\x77\xb0\xa3\xf6\xc7\xe5\x63\x74\x92\x5e\x58\x51\x32\x4a\x71\x31\xb2\xcc\x39\x2e\x11\x93\xf9\xb5\x45\x39\x0a\x92\x2b\xfe\x8d\x21\xcf\xd5\x94\x1b\x74\x39\x60\xb9\x24\x89\x65\x64\xca\x8c\xaa\x02\xd9\xfc\x1c\x9a\xa5\x5f\xa1\xed\xc7\x36\xb2\xbc\x15\x67\x51\x43\x17\x39\x4d\xab\x90\xb2\xaa\x8d\xf9\xa3\x95\x52\xaa\x3e\x61\x5c\xa5\x6e\x11\xce\x6e\x33\x6a\xba\x3e\xaf\xd9\xa5\x41\x9b\xb4\x5d\x30\x90\xa9\xe7\xbb\x1c\xd0\xf0\x5f\x4f\xe5\x1f\x75\x7c\xe6\x52\x53\x24\x1a\xd7\xfd\xa1\xcc\x95\x82\xe2\x2f\x4e\xec\x80\x84\x2b\xba\x0d\xb0\xbc\x96\x39\x6e\x32\x34\xa7\x5c\x65\xc1\x33\xf5\x25\xbf\xc3\x8f\x9f\xeb\x7b\x5e\x5c\x3a\x8a\xb7\x6b\x35\xcd\xd3\xdf\xdc\x1c\x7d\x47\x5e\xbe\xc6\x2b\x87\x7c\x9e\x36\x57\x37\x45\xce\x8c\x7b\x42\xcb\x6b\x95\x73\x49\x45\x39\x18\x4f\xfc\xd5\x0e\x51\xed\x4d\x91\x3a\xba\x63\x4e\xd3\x5e\x83\xd5\x19\x18\x06\x8d\x72\x9c\x58\xfc\x92\xad\x59\x90\x45\x9b\xd5\x42\x97\x4f\xbe\x35\x71\x1a\x29\x6e\x93\x74\x6f\xe2\xe3\x23\x8e\x42\x26\x4a\x8c\xfa\xfd\x2d\x5b\xea\x0b\x2e\xa3\x96\xeb\xc8\x07\xc4\x52\xcf\x53\x9c\xc3\x9c\xab\x37\xe9\xf4\x78\x83\x3e\x91\x40\xaa\x22\xb9\xc4\x49\xb0\x91\xe5\x29\x1b\xa6\x59\xa4\x1a\xf9\x42\x51\x97\x63\x97\xa3\x31\x96\xad\xba\x21\x08\x3b\xd8\x0f\x89\x23\xd4\xe3\x07\x16\x21\x7b\x2c\xe5\x2d\x71\xc3\x31\x09\xd2\x28\x82\x34\xbb\xf4\x92\xf4\x70\x44\xed\xb1\x4b\x47\xd2\x8f\x2b\x87\xd4\x49\xa3\xba\xe6\x80\x56\xb6\x59\xcf\x90\x4e\x83\x85\x1d\x25\x77\x96\x2c\xe2\xb3\xe5\xab\x4a\xd7\xf2\x2c\xa5\xe7\x24\x48\x69\x3f\x96\x67\x62\x2f\x2e\x47\x8b\xba\x1c\x5b\x37\x71\x9e\xda\xb5\xb9\x18\x4b\x7b\x19\x24\xb4\x0c\xc1\x9a\xa6\x87\x2c\x5d\x13\x69\x3e\xc6\x86\x42\x92\x1b\xea\xc5\x5a\x87\x6b\xd4\xa0\x15\x0e\x6e\xdd\x9e\x2c\x6f\x96\xac\xbd\x27\xb5\x0a\x2b\xea\x67\x68\x9b\x6b\x75\xca\xb6\x13\xd5\xe6\xc3\x92\x2b\x97\x16\x6e\x44\x2c\x18\x0a\xcb\x9a\xa8\xdf\x94\x86\x07\xf9\x01\x9b\x90\x70\x4c\x22\x39\x7b\xd5\xee\xf1\x4f\xb1\x7f\xdf\xfe\xb3\x2a\x11\xb7\x03\xec\x93\x7d\xf4\xa7\xd8\xb6\x67\x23\x86\x74\x4d\x60\x82\x7c\x06\x26\x48\xf5\xbc\xf2\x42\x3d\x35\x6f\x8f\x4e\x2e\x94\x15\x2c\xb5\x92\x18\x4e\x2a\xca\xd9\x34\x9f\x20\x99\x9e\xcf\xd3\xc8\x39\x6d\x3b\xab\x52\x95\x99\x42\xa7\xa3\x58\xa6\x5e\xf5\xe0\x89\x2d\xa5\xda\xfc\x48\x09\xea\x1e\x78\xbe\x4b\x89\xb2\x77\x0a\x85\x22\x6d\xa3\x58\x76\x87\x65\x26\xd5\x32\x4b\x27\x1f\x9b\x7f\x59\x76\xe6\xdd\x03\xb7\x43\x0f\x59\x3f\x11\x25\x61\xd7\x66\x01\xe9\x72\x36\xc1\xbf\x6c\x46\xe9\xfb\xad\xcd\xb7\xbb\x7b\xff\x33\x97\xc6\xf5\xef\xb7\xbb\xae\x7f\x2d\xdd\xb5\xaf\x05\xbe\x5c\xcb\x29\xf0\xfe\xaa\x33\xe8\x6f\x6e\xa3\xdd\x9d\x9d\xad\x8c\xaf\x79\xea\xe6\x67\xf4\x67\x86\x0b\x81\x93\x03\x50\x3b\x34\xdc\xc4\x67\xb9\x80\xb6\x68\x8f\x2c\x31\x4f\xa7\x06\xea\x3a\x31\x54\xec\xe4\x50\xa5\x2b\xf4\xb2\xe0\xcd\xa7\xaa\xe8\x35\x29\x1d\x65\xa8\x2b\x6e\xd4\x3d\xe5\xf1\x7c\x7e\xff\x8f\xff\x9e\xb9\xca\xf6\x7f\xf4\xe2\x84\xe3\x30\xf4\xe3\xd4\xc5\xe2\x52\xfe\x91\x42\x01\x15\x56\xba\x6c\x7e\xd3\xe4\x55\x57\x58\xde\x34\x96\x2d\xc5\xb4\x6a\xd5\x95\x92\xb7\x7e\x65\x4b\x31\x44\xa1\xb4\xb4\xbb\xbf\xde\xcb\x3e\x74\xf5\xb8\x66\x51\xd7\xcc\x5f\x86\x60\xc7\xbf\xc2\x00\x1f\x04\xa3\xac\x29\x3a\xae\x2b\x86\x31\x09\x4b\x94\x88\x4c\x62\x71\x9a\xf6\xe9\x12\x36\x90\x02\xcc\xa0\xec\x51\x43\xf5\x5a\x9f\x36\xcb\x11\x32\x2f\xfa\x2f\x91\x50\x4e\xc0\xf2\x37\x55\xaa\xbe\x1c\x7c\xf9\x52\x7c\x8c\x1d\xa7\x34\xf1\xc9\xf1\xe5\xf5\x5f\xc3\x93\xa3\xeb\x8b\xe3\xf3\xef\xc3\xec\x8d\xc9\x08\x05\x11\x3d\xe0\xdf\x38\x09\xf6\xd1\xd6\x56\xbe\x8b\xc5\x8e\x67\x43\x59\x90\x19\xce\x52\x72\x09\x34\xaa\xb9\xa5\x17\xd5\x5d\xcc\x8c\x1a\x5d\x08\x5d\x56\x7d\xe1\x52\xe8\xa5\xb4\x41\xdb\xdb\x95\xd8\x95\xb3\xee\x98\xde\xf3\x5c\xec\x7b\xf2\x3c\x55\x2a\x07\x9b\x15\x9c\x33\x79\x47\xda\xb4\x63\x02\x0b\x72\xb3\x26\xeb\x62\xbb\xd7\xaf\xca\xc6\x6b\xf3\x25\x27\x13\xea\x57\xed\xab\x5d\xe6\xeb\xbc\x95\x4d\x50\xee\xce\x9d\x0b\x6c\xf9\x4f\xe1\xad\x76\x11\xde\xcc\xbb\x74\x57\x3b\x75\x57\xb8\x75\x0f\xf2\x31\xe1\x24\x70\x99\x53\xf9\x7a\x8a\x6b\x77\xd1\x31\x7c\x90\x55\x94\x2b\x63\xf5\x9e\xd7\x50\x2d\x61\x14\x8c\x19\xff\xdd\x88\x42\xc8\x4e\xe6\x5c\x7c\x42\x7e\x49\x98\x19\x2b\x97\x46\xa1\x22\xa3\x8e\x34\x70\xb9\xbc\x68\xa3\xd4\xbd\x4c\xa1\x73\xbb\xdb\x54\x09\xe8\xe2\x51\x57\x55\xca\x06\xdb\xdf\xd4\xcd\x66\xd0\x66\x37\x5c\x55\xe3\x6c\x1b\xd7\x6a\x55\x04\x36\x98\xd9\xdf\xb3\xd9\x60\x86\x24\x90\x64\x6d\x2e\xa3\x1f\x03\x6c\x93\xb3\xec\xf2\x4f\x43\x5f\x9e\xaf\x4b\x49\xbd\x02\xfc\x06\x1d\xd0\x07\xa5\xb1\x23\x97\x0b\x78\x9b\xb8\x9c\xe3\x1b\x8f\x20\xcc\x91\xc7\xe8\x08\x61\xf3\x43\x28\x86\x9d\x50\x85\x1c\x73\x84\xd1\x76\x7f\x1b\xf9\x22\x37\x0e\x51\xcf\x4c\xb7\x69\xa6\xdb\xec\xf7\x11\xa3\x08\x27\x60\x9c\x98\x7d\xcb\xf6\x46\x7a\xdb\xf0\x97\x6a\xec\xc2\xa2\x40\x73\x12\x20\x09\xe8\xce\x63\x78\x9b\xe0\xa7\xad\xa6\xc1\x4f\x53\xc3\x7a\xb2\x0d\x29\x8f\xd1\x29\x65\x12\xc8\xc7\xe1\xa8\x5f\x55\xdc\x4e\x3d\xbd\x40\x6d\x21\x33\x3a\x95\xb4\x87\xed\xe6\xe0\x9f\x00\x67\xd1\x4b\x24\x1e\x4d\xd3\x23\x24\x1e\xe3\x1c\xfe\xd7\x54\x50\xe1\x3e\xb2\x07\xde\x23\xe0\x3d\x02\xde\x23\xe0\x3d\xf2\x5c\xbd\x47\xc0\x3d\x04\xfc\x3f\xc0\xff\x03\xfc\x3f\x10\xf8\x7f\x80\xff\x07\x02\xff\x0f\xf0\xff\x00\xff\x0f\xf0\xff\x78\x69\xe6\x39\xf0\xff\x00\xff\x0f\xf0\xff\x48\x9e\x82\xff\x07\xf8\x7f\x80\xff\x07\xf8\x7f\x80\xff\x07\x02\xff\x0f\xf0\xff\x00\xff\x0f\xf0\xff\x00\xff\x0f\xd8\x60\x82\xff\x07\xf8\x7f\x80\xff\x47\x52\x30\xf8\x7f\xb4\xf7\xff\xf8\x49\xf0\x3d\x91\xbc\x21\xbb\xc6\x25\xc9\xfa\x4c\x28\x71\x3e\x40\x36\xa6\xe8\x86\xa0\x88\x13\x07\x85\x0c\xc5\x9b\x46\x82\xb0\xa8\xf2\xd6\x1a\x33\x1e\x12\x07\xfd\x10\xa5\xa1\x13\x12\x22\x97\xf2\x10\x7b\x9e\x32\x6b\x57\x0d\xee\x17\x79\xee\xea\x86\x64\x62\x1c\x04\x66\xd2\x89\x4e\x54\x5b\xb1\x2b\xc8\xb9\x54\x9f\x68\x7a\x4e\x54\xcd\xf5\x92\xad\x31\x91\xef\x69\xb5\x86\xed\xba\x4d\x8d\x05\x39\xd9\xba\x65\x39\xd9\xc9\x8b\x77\x52\x95\x09\xf7\x9a\xaa\x72\xa2\xbd\xb4\x37\xa8\xd2\xe0\x8c\x66\xbc\x93\xac\x59\x5e\x53\xc8\xa0\xf8\xc8\x32\x27\xcd\xfe\xf5\x78\xd5\xb9\x23\x0f\x57\x9d\xfd\xab\x8e\x43\x1c\xd7\xc6\x21\x71\xae\x3a\x1b\x57\x9d\x58\x76\xc8\x57\xc7\x7f\x47\xd8\x93\x8f\xa5\xac\x95\xcf\xd4\x2d\x24\xf2\xa1\x92\x41\xf2\xa9\x21\x86\x3a\xbf\x33\x17\x6b\x15\xbe\x5e\xcd\xb0\xe6\xbe\x13\x2a\xd7\x73\x50\x9d\xae\x83\xe6\xd5\x77\x50\x23\x9d\x07\x35\xd5\x7b\xd0\x0c\xba\x0f\x6a\xa6\xff\xa0\x69\x3a\x10\xca\xea\x41\x75\xb6\xea\x7c\xaf\x73\x25\xb6\xb2\x5a\x27\x59\x6a\x6c\xd7\x49\x9a\x0a\x0b\x36\xaa\x32\x31\x22\x43\x69\x91\xf3\x27\x5f\x6f\xd9\x7d\xd4\x71\xb6\xde\x98\x4d\x48\x4f\x66\xeb\xa9\x43\xf6\xae\x69\xea\x55\xbf\xa2\xa5\xc5\xac\xf3\xd3\xe9\xc5\x65\x99\xb5\x05\x4d\xb1\x76\xa0\x69\x16\x0f\x24\x45\x4c\x11\xb1\x2b\x8a\x51\xb6\x11\xb1\x5c\xba\xe2\xbb\x9d\x14\xec\x33\x66\xa3\x87\x67\x07\x5f\xbe\x9c\x1e\x5e\x9f\x1f\x9c\x7c\xac\x6e\xb9\xfa\x52\x31\x2b\xf8\xe1\xf0\xe8\xbc\xf8\xc5\x50\x6a\x83\xeb\x4a\x01\x75\x86\x39\xff\xc9\x02\xa7\x38\x01\xd2\xea\x7f\x1c\x1f\x7c\x3f\xbe\x3e\x3b\xb8\xb8\xf8\x71\x7a\x7e\x34\xad\xfe\x7c\xb1\x15\x2d\x28\x4c\x97\x6c\xe3\xbe\x5e\x7e\x2b\x99\x94\x99\xc3\x02\x91\xa4\x5f\x9a\x28\xdb\xf0\xaf\x97\xdf\xa6\xb5\xf9\xeb\xe5\xb7\xda\x96\x56\x36\xa5\xfc\x9d\xa1\xe4\x16\x8d\xe2\x68\x9a\x25\x04\xd5\x18\x3b\x90\x3e\x0f\xdb\x47\xc9\x2d\x04\x65\x49\xb4\x46\x6c\x7a\x3f\xe5\x12\x48\x4d\x69\xf7\xed\x5e\xc1\x2a\xd2\x48\x05\x46\x35\x77\xd4\xa3\xfa\x7b\xea\xab\xb4\xd0\x69\x26\x5f\x54\x73\xbc\x11\xff\x2a\xee\xf7\x88\x7f\x19\xdc\x71\x6e\xca\xda\x66\xde\xf3\x51\x99\x2c\x2e\xc7\xa6\xae\x75\xe3\x96\x62\xbb\x59\x8e\xf8\x5e\x3d\xe6\x87\x53\x0b\xda\x6c\x54\x92\xc0\xc0\xfa\xa2\x84\x46\xda\xa8\x28\x12\xda\xd5\x25\x39\x37\xe5\x53\xa7\x50\xca\x3d\x0e\x7a\x9e\x7b\xd3\x2b\xcf\x10\x17\xe7\xb9\x37\xd6\x84\x09\x0d\x63\x6a\xa9\xa2\xb0\xca\xa4\x71\x79\xbf\xe4\xfd\x7d\xf2\x72\xae\xbb\x69\x05\x06\x11\xed\xe9\xf4\xdd\x62\x7a\x2b\xab\xce\xf8\x85\x31\x79\x31\x12\x25\xc5\xa5\xc3\x93\x61\x25\x34\xad\xeb\xb2\x5e\xd6\x8c\xf0\xbd\x68\xe4\xe6\x2f\x49\x9c\xa2\xa8\x30\x3f\xec\x05\x77\xc4\x0a\x19\xf3\x78\x2f\x53\x8e\x65\x53\xb7\x44\x6d\x49\xbf\x8d\x14\xa0\x5f\x18\xf3\xc5\xfe\xb4\xe2\x2b\xad\x6c\x50\x1b\x62\x5c\x0e\xde\x2a\x5d\x36\xe2\x97\x67\xc3\xa3\xe2\x0b\x7d\x1b\x59\x15\xa7\xed\xb4\x5e\x73\xf2\xc5\xa5\xd1\x2f\x1d\xc4\xb0\x8f\x1e\x73\x07\x8a\x45\x6f\x89\x92\x0d\x4c\xb9\x91\x4f\x8d\x48\x95\x5d\x4e\xfd\xea\x2c\x7a\x6d\x72\x17\x8c\x88\xc5\x0b\x67\xb3\x9f\xa8\x42\x4e\xc9\x61\x16\x5f\xa7\x64\x6e\xa8\x8f\x16\x03\x77\x89\x1e\x3e\xe5\xf3\x4f\x2f\xbb\x20\xef\xa6\xc9\xba\xe9\x45\x16\x05\xdf\x34\xa1\x37\xbd\xcc\x82\x04\xac\x93\x7e\xcd\x47\xb4\x98\xbb\x81\x18\x9c\x5e\x7c\xa5\x60\x6c\x02\x81\xd3\x8b\xaf\x02\xc5\x12\x2f\xc0\x99\xef\xaf\xdf\x2b\xdd\x2c\x86\x0f\x3e\x91\x0e\xb3\xe9\x45\xf6\x33\xdd\x6a\xd3\x2a\x30\x27\xb3\xfa\x33\x66\x8e\x92\xf7\x0b\xb9\xc0\xa4\x55\x8c\x4e\x8b\xe6\x4d\x0b\x1f\x88\x0d\x50\x65\x9e\xd9\xd9\x40\x81\x7c\x5c\x40\xb3\x38\x19\xd4\x3e\x72\xa4\xc8\xe7\x59\xd9\x42\x9d\xd4\x17\x62\xc1\x5d\x7c\x4b\xea\x06\x27\xbd\xeb\xa5\x2a\x88\x24\x89\x58\x41\x0b\x8a\x29\x69\xe8\x6e\xdd\x66\x76\x18\x1e\xd7\x35\xae\xd4\x99\x12\x1b\x79\x66\xb7\xf4\xb0\xce\x49\xdb\xc5\xaf\xa8\x45\x2c\xa5\x9a\x1b\x97\x5a\x2e\xb2\x6c\xbc\x8b\x95\xef\xfe\x2c\x31\x18\xad\xc2\x3d\xea\xe6\x75\xd3\x60\x8f\xe5\x85\x64\x2c\xe6\x93\x14\x66\xf6\xf3\x9c\xd2\x86\xbd\x2b\x7f\xd4\xb4\x07\x27\x4d\x69\x4c\x5f\xcf\xb8\x99\xe8\xb9\x1d\x3a\xc1\x91\x11\x1c\x19\xc1\x91\x11\x1c\x19\x65\x7f\xcf\xcc\xc0\x07\x47\x46\x70\x64\x54\xd6\x70\x38\x32\x82\x23\xa3\xda\xa2\xe0\xc8\x08\x8e\x8c\xe0\xc8\xa8\xf0\x83\x23\xa3\x19\x06\x15\x8e\x8c\xd2\x11\x81\x23\xa3\xe6\x65\xc3\x91\x51\x79\xb9\x70\x64\x04\x47\x46\x70\x64\x04\x47\x46\x70\x64\x04\x47\x46\x70\x64\xf4\x0a\x8f\x8c\xfe\x40\xe8\xf7\xc6\x1f\xf1\xa9\x51\x67\x1f\x3d\xca\x33\x24\x65\xe8\x7f\x3f\xe8\x0e\x76\xbb\x7d\x4b\x9e\x0b\x74\xf6\xb3\x51\x4c\x1b\xd9\x84\x7b\xdd\xbe\x15\x60\x6a\x8f\x49\xd0\x57\xe7\x04\x76\x65\xee\x3d\x59\xed\x1f\xb2\xe6\xce\xe7\x3d\xae\xbf\xe7\x90\xde\x32\xdd\x82\x8e\xa8\xa3\x9f\x34\x67\x82\x7f\x9d\x7f\x3e\xd6\xc9\x44\x51\xfd\xee\x66\x77\x53\x37\x41\xbc\x54\x15\x1b\x09\xc4\xeb\xa4\x6f\xb2\xb0\xee\x20\x6e\xdf\x20\x29\xd7\x21\x7e\x40\x6c\x1c\x92\xea\xd2\xd3\x24\xd3\xeb\x18\x2c\xb2\xc1\x9b\x8b\x2c\x6c\xab\xae\xb0\xad\xee\xa0\xbe\x30\x91\x20\x53\xdc\x76\x75\x71\x83\x6e\xbf\xdb\x9f\x56\xdc\x56\xb6\xb8\x9d\xee\x4e\xf2\x6d\xac\x29\x83\xb8\x37\xa5\xdf\xdd\x77\x99\xb2\xf7\x16\x38\x8a\x7b\xdd\x41\xbf\xac\x9d\x8b\x9d\x45\x7b\xdd\xc1\xd2\x67\xea\xbb\x05\x8e\xca\xbb\xee\xdb\x65\x35\x57\x23\x84\x4e\xa0\x49\x3d\x53\xbc\xe0\x31\x58\x6c\x76\xc5\xfc\x96\x53\xe9\x6d\xf7\x97\x2c\x5f\x4e\xb3\x7e\xfc\x74\xc7\x7c\x3a\x28\x7d\xba\x59\xfa\x34\x29\x77\x37\x7e\xaa\xa3\x3c\xcd\xfa\xe2\x66\x7e\x3e\xae\x6e\x62\xdf\x2c\x6a\xcb\x9c\x45\xe5\xa5\x66\x92\x14\x90\xf2\x88\xd9\x77\x24\x30\xf1\x52\xc3\xe5\xbf\xe4\xd0\x0a\x28\xd2\xed\x95\x7f\x6c\x9a\x7f\x6c\xa5\x7f\xbc\xed\xf6\x8d\xbf\xf6\xba\xfd\xdd\xcc\x5f\xef\xd2\xbf\xde\xa9\x94\x7f\x20\xf4\xef\x0d\x5d\xdd\x60\xb5\xd5\x6d\xce\x59\xdd\xdb\x4c\x75\x6f\x33\xd5\xb5\x6c\xca\xd6\xf3\x69\xca\xb6\xd9\x94\x55\x54\xb8\xb3\xea\x0a\x77\x57\x5d\xe1\xdb\x15\x57\xb8\x37\xeb\x6c\x32\xca\x78\xb7\x9a\xb5\x58\xc0\xa1\x1f\xca\x19\x40\x6b\xa4\xda\xd4\x69\xaa\x70\x3b\x89\x44\x20\xa1\xed\x74\xf6\x11\x8d\x3c\x4f\x15\x2c\x54\x52\xec\xbb\x85\x67\x1e\x09\xe3\x4c\xa8\x83\x1d\x27\x20\x9c\x2b\xd9\xd1\x4f\x55\x0b\xd4\xc1\x94\xd1\x87\x09\x8b\xb8\x25\x54\x67\x91\xe0\x16\x7b\x9c\x24\xaf\xa3\x70\x4c\x68\xe8\xda\x52\xa1\xb6\x42\x76\x47\xa8\xf5\x93\xdc\x8c\x19\xbb\x13\x89\xc3\x20\xca\xa4\x4d\x74\x6f\x6b\xc2\x1c\xa1\x07\x77\x7e\xe8\xc4\x3a\x91\x4d\x82\xd0\x72\xdc\x40\xbc\xfa\xd7\xd9\xf9\xf1\x87\xe1\xff\xbe\x3e\x3b\xb8\xfc\xf4\xef\xc4\xca\xa6\x1b\xdf\xf3\xef\xdc\x24\xd3\x48\x6e\x83\x2c\x9f\x04\xd6\xdf\x8c\x17\x5a\xa9\xad\x8f\xe5\xe5\x32\x3f\xec\xd9\xd4\xed\xdd\xb8\xd4\x4c\x2f\x36\x4b\xe5\x19\x48\x68\xcb\x0c\x94\x84\x5d\x27\xce\x42\xe8\x2d\x0b\x6c\x62\x49\x4a\x13\xec\x79\xcc\xc6\xd2\xa6\x26\xb2\xff\xf9\x67\x92\xea\x9e\xd0\xd0\xfa\xdb\x57\x23\x1d\x3f\xbd\x25\x38\x8c\x02\x62\x8d\x70\x48\xe4\x9b\x4f\x0f\x3e\x09\xbe\x27\x5c\x89\xef\xc5\x28\x6e\xe8\x49\xf0\xf1\xeb\xc5\xc1\x7b\x73\x58\xe5\x11\x82\xe5\x47\x9e\x67\xf9\x01\x53\xfc\x0c\x0e\xc1\x8e\xe7\x52\x59\xfb\x56\x7f\x12\x27\x95\xdb\x93\x80\x48\xae\x0f\x31\x4b\x3a\xb6\x1f\xbd\xdf\xe9\xf7\x27\x1b\x8a\x40\x42\xfc\xfb\xab\xbb\x41\xfc\x31\x99\x90\x00\x7b\x16\x0f\x59\x80\x47\xe4\xfd\xe0\x63\x32\xd6\x13\x7c\x47\x2c\xd7\xd7\x26\xc7\x28\x74\x3d\xcb\x1e\x63\x57\xce\xc7\xcc\xe7\xd6\x06\x1c\x7d\x00\x22\x6b\xa3\x49\x29\x01\xc1\x8e\xc5\xa8\xf7\x60\xf9\x2c\x08\x33\xa3\x21\x76\xae\xde\xbd\x1c\xff\xec\xe0\xf1\x30\x20\x78\xe2\xd2\x91\x78\x47\x13\x96\x71\x8f\x58\x9a\xce\x23\xd7\x5b\xb5\x0f\x2b\xf4\x77\xd0\x37\x3a\xbc\xf9\xb1\xac\xbb\x9b\x69\x77\x43\x8f\x5b\xb6\xeb\x8f\x49\x60\xf1\xc8\xd5\xdf\xe7\xf2\xcb\xc5\xf5\xf1\xe1\xd1\xa7\x63\xf1\xff\x17\x07\xd7\x3f\x86\x97\x9f\xae\x0f\x8e\x2f\xae\x07\x9b\x7b\xd7\x1f\x0f\xbf\x5e\x5f\x7c\x3a\xd8\xdc\xd9\xdd\xa8\x4c\xb7\xb9\xb3\x1b\xa7\xdb\xda\xdb\x2e\x4f\x77\xf8\xe9\xe0\xf0\xd3\xc1\x66\xff\xfa\xec\xf4\xcb\x3f\x07\x5b\xfd\x1d\x23\xd9\x79\xa3\x4a\xcf\x1b\x55\x79\x5e\x59\x61\x3c\x06\xf7\x52\x59\x4c\xfe\x92\xc7\x12\xfa\xb3\x36\x5b\xaa\x2a\x8b\x3e\x09\x13\x10\xa7\xd4\x5a\x35\x21\xfd\x80\xfd\x7a\x48\xa1\x88\x50\x31\xb3\x2c\x87\x07\x85\x65\x5c\x58\x27\x3f\x5c\x7a\x7a\x4f\x02\x0f\x3f\x64\x56\x84\x66\x91\x91\x84\xd5\x96\x01\x6d\x89\xf3\x44\x9c\x50\x56\x9d\x20\xd1\x1d\x09\x28\xf1\xe4\x4e\x3e\xd7\xf3\x5c\x8b\x0f\x13\xbe\xcb\x0c\xaa\x26\x0e\x7e\xfa\x69\x66\xef\xb5\x0b\x08\x0d\x08\x0d\x08\x0d\x08\x0d\x08\xfd\x4c\x11\xfa\x2d\x20\x34\x20\x34\x20\x34\x20\x34\x20\xf4\xf3\x42\x68\x6d\x0e\x39\x74\xb9\x72\x06\x39\xc3\x01\x9e\x24\xe6\x8f\xd4\xa4\xab\xc0\xfb\x86\x50\x7b\x3c\xc1\xc1\x9d\x61\xe8\x0e\xee\x88\x65\xbb\xdc\x1a\x74\xb7\x73\x27\x22\xad\xb2\xa5\x0d\xf9\x2b\x97\xda\x34\x11\xc7\x39\x12\xd3\xbf\x4b\x3f\x27\xe1\x23\x99\x13\x9c\x81\x71\x3e\xa3\x72\xed\x34\xc9\xb5\x93\xe6\x32\x5b\xd8\xae\xbe\x34\x67\x8b\x3a\xff\x40\xbf\xff\xf8\xfd\xff\x07\x00\x00\xff\xff\x9a\x87\xab\x55\x6f\x0c\x07\x00") +var _dataDataJson = []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\xbd\xfb\x53\xdc\x3a\xb6\x2f\xfe\xfb\xfc\x15\xaa\xce\xdc\xda\xf7\x9e\x2f\x6e\xba\x79\x85\x70\x2b\xf5\x2d\x36\xb0\x13\x2a\x09\xf4\x05\x92\x7d\xa6\x86\x29\x4a\xd8\xa2\xdb\x07\xb7\xe5\x6d\xd9\x24\x0c\x87\xfb\xb7\xdf\xd2\xc3\xb6\x6c\xcb\x6e\xbb\x5f\x74\xc3\xea\xa9\x9a\x1d\x6c\x59\x6f\x7d\xd6\xd2\xd2\x5a\x1f\x3d\xfd\x0d\x75\xbe\xec\xb3\x1f\x24\x64\x2e\xf5\x2f\x49\xf8\xe0\xda\xe4\x3c\x88\x5c\xea\xb3\xce\x01\x7a\xfa\x1b\x42\x9d\x87\x7e\xb7\xdf\x53\x7f\xa0\x0e\x89\x6c\xa7\x73\x80\xfc\xd8\xf3\x36\xc4\x83\xfb\xf8\x96\xe0\xc0\x4d\x12\xa0\x0e\xf6\x3c\xfa\xd3\x0a\x42\xf7\xc1\xf5\xc8\x90\xf0\xd4\x9d\x28\x8c\x49\x67\x43\xbd\xf7\xa9\xff\x38\xa6\x31\xb3\x70\x1c\x8d\xf8\xdb\x3b\xec\xb1\xf4\xf5\xad\xeb\x3b\x16\x76\x9c\x90\x30\x5e\x85\x4e\xaf\x2b\xfe\x97\xbc\x26\x3e\xbe\xf5\x88\x85\x9d\xb1\xcb\x78\x9d\xad\xc0\x8b\x87\xae\xa8\x6d\xe7\x0c\x8f\x09\x0b\xb0\x4d\xbe\xba\x77\xc4\x7e\xb4\x3d\xb2\xf1\xd5\x1d\xbb\xd1\x05\xf6\x87\x24\xdc\x50\xcd\x3b\xb4\x6d\x1a\xfb\xd1\xc6\x31\xb9\xc3\xb1\x17\x5d\x46\x34\xc4\x43\x72\xe4\x61\xc6\x92\x67\x57\xd4\x23\x21\x8e\x44\x97\xd8\xd4\x77\xd8\xc6\xb7\x38\xc2\x91\xeb\x0f\x0f\x93\x72\xff\x24\xb7\x23\x4a\xef\x37\x7e\x60\xcf\x75\xcc\xaf\x2e\x08\xa3\x71\x68\x93\xff\x13\xd3\x08\x6f\x9c\x51\x87\x5c\x10\x16\x85\xae\xcd\x33\x4e\xda\xe3\xfa\x8c\xd8\x71\x48\xac\x80\x86\x91\x68\x6f\xf2\x86\x77\xac\x47\x22\x2b\x08\xc9\x1d\x09\x43\x92\xf6\x8a\x15\x3d\x06\x44\x34\xf8\xd4\x8f\x48\xe8\x63\xef\x74\xb0\x71\xf2\x2b\xfd\xe7\x67\xca\x22\x1f\x8f\xd3\x1e\x0d\x42\x7a\xe7\x7a\xae\x3f\x2c\xf5\x75\x48\xfe\x8a\x09\x8b\x46\x04\x3b\x24\xb4\xc8\xaf\x28\xc4\x96\xfc\x83\x89\x62\xdd\x5f\xfc\x93\xff\xb4\x2e\xc8\x98\x46\xc4\x3a\x11\x09\xcc\x1f\x0f\x43\x1a\x07\xc9\xc7\xb9\xaf\x3e\xf1\x37\xe6\x8f\x62\xc6\xeb\x3c\x26\xc6\xef\xbe\x33\x12\xa6\x9f\xc5\x7e\xe4\x8e\x89\x65\x53\xff\xce\x15\xed\xe0\x73\x87\x86\xee\xbf\xc5\x28\x75\xef\xf7\x59\xd7\xa5\x9b\x0f\xfd\x5b\x12\xe1\xfe\x47\x7d\xba\x15\xba\x77\x6f\x67\x67\x3b\x7b\x25\x26\x84\x85\xe5\x8c\xb0\x3c\x4a\xef\xe3\xa0\x38\x5f\x99\x9c\x20\xd6\x2d\xb6\xef\x89\x2f\xa6\x33\x5f\x04\x69\x2e\x91\xc7\x2c\xdb\x0d\x46\x24\xb4\x58\xec\x46\x72\x64\xae\xbe\x5e\xde\x9c\x1c\x1d\x7f\x3e\xe1\xff\x7f\x79\x78\xf3\xe7\xe9\xd5\xe7\x9b\xc3\x93\xcb\x9b\xfe\xd6\xfe\xcd\xa7\xa3\x6f\x37\x97\x9f\x0f\xb7\x76\xf7\x36\x2a\xd3\x6d\xed\xee\x25\xe9\xb6\xf7\x77\xcc\xe9\x8e\x3e\x1f\x1e\x7d\x3e\xdc\xea\xdd\x0c\xce\xbf\xfe\xa3\xbf\xdd\xdb\xd5\x92\x5d\x34\x2a\xf4\xa2\x51\x91\x17\x95\x05\x76\x78\x17\x3c\x67\x40\xe0\x91\x48\x03\x82\xca\x45\x3c\x23\x44\xf0\x87\xc4\x8f\x5c\x5b\x0c\xbe\x15\xd1\x7b\xe2\x5b\x3f\xe5\xaa\x2b\x65\xa5\xcf\x13\x6b\x4c\x1d\xc2\x53\xa8\x25\x9a\x24\xb2\xc5\xec\x65\x56\x40\x42\xeb\x2f\x2a\x07\x50\xcb\xc3\xf6\x5d\xeb\xd6\xf5\x2d\xc7\x0d\xf9\xab\x4d\x1a\x44\x9b\xb6\xef\x6e\xde\xba\xbe\x9e\x84\x4f\xce\x34\x0d\x89\x6c\x91\xc6\x27\x51\xd7\xc9\xc0\xeb\x8e\x86\x36\xb1\x7c\xea\x10\x8b\x77\x82\x8d\x23\x0e\x67\xfc\x8b\x34\xcd\x03\xf1\x23\xeb\xaf\x80\xe5\xc0\x60\x8c\xef\x89\xe5\x06\x22\x35\xb3\xe2\xc8\xf5\x2c\x7b\x84\x15\xee\xe9\xed\xf5\x49\xf4\x93\x86\xf7\x0a\x16\xf9\x5b\xdb\x77\xb3\xd5\x87\x1d\x8b\xfa\xde\x63\x19\x6d\x42\xc2\xa8\xf7\x20\xda\x90\xd6\x5f\x3e\xeb\x8a\x67\xe9\x62\x08\x09\x1e\xbb\xfe\x90\xa7\xf4\x89\x80\x32\xcb\x75\x3c\x62\xf1\xf5\x49\x63\x91\xe9\x76\x6f\x0c\x8b\xa3\xb7\x9b\xf4\xc1\x03\x6f\xf3\x56\xfa\x17\xf5\xe2\x31\x51\xe3\x93\x4e\x97\x07\x1c\x6e\x7a\xee\xed\xa6\x5a\x44\x9b\x32\x55\x22\xdb\x0a\xab\x2c\x08\xe9\xaf\xc7\x6c\x9d\x8d\x08\xf6\xa2\xd1\xbf\xad\xa2\xe4\xec\x6f\xbd\x17\xcb\xae\x5f\xa8\x48\x21\xb7\x23\xea\x47\x21\xf5\x3c\x12\x36\x5d\xba\x36\x8e\xd4\x1c\xb6\x5d\x27\x2c\x4d\x41\xb9\xba\x63\x3f\xc2\xc3\x21\x71\x2c\xdb\xa3\x71\x69\x85\x4b\x20\xe7\xc0\x2c\x5e\x5b\x21\x8d\xd5\xe4\xc8\xad\x74\x25\xed\x47\x94\x45\x01\x8e\x46\x56\x10\xd2\x07\x97\xcb\x58\x51\xd9\x7c\x5a\x4f\x49\x31\x8f\xd8\x51\x69\x55\xf0\xca\x8e\xa9\xef\x46\x94\x8b\x2a\x6c\x13\xbe\xd6\x5d\x2a\xea\xb5\xd3\x63\xa9\xa8\xa4\x8e\x45\x1e\xa4\x84\xd6\x67\xf4\xee\x58\x4b\x53\x29\x4e\x23\x12\x8e\x5d\x1f\x47\xc4\xb1\x78\x46\x43\xdb\x8a\x46\x21\x61\x23\xea\x89\x72\xfa\xbd\x5e\xaf\x7a\x28\x98\x3d\x22\x4e\xdc\x70\x14\xea\xda\x5a\x5d\x3f\xbd\xd0\xbf\xa9\x82\x85\x7a\xd7\x07\xf5\x0e\xd4\x3b\x50\xef\x40\xbd\x03\xf5\x0e\xd4\x3b\x50\xef\x40\xbd\x03\xf5\xee\x35\xa9\x77\x5b\xa0\xde\x81\x7a\x07\xea\x1d\xa8\x77\xa0\xde\x81\x7a\x07\xea\x1d\xa8\x77\xa0\xde\xbd\x26\xf5\x6e\x1b\xd4\x3b\x50\xef\x40\xbd\x03\xf5\x0e\xd4\x3b\x50\xef\x40\xbd\x03\xf5\x0e\xd4\xbb\xd7\xa4\xde\xed\x80\x7a\x37\x67\xf5\x6e\x63\x10\xba\x34\x74\xa3\x47\xd0\xf3\x40\xcf\x7b\x05\xa2\x0c\xf4\x3c\xd0\xf3\x40\xcf\x03\x3d\x0f\xf4\xbc\xb5\xd6\xf3\xba\xfd\x9e\x15\x62\xdf\x1e\x91\xb0\x6f\x95\x5c\xf2\x54\x75\x6c\xcf\xe5\xd0\x64\x93\x30\x4a\x71\x39\x57\x30\x21\xa1\x55\x99\xa8\x30\xeb\x40\x77\x04\xdd\x11\x74\xc7\x37\x2d\x1e\x41\x77\x04\xdd\x11\x74\x47\xd0\x1d\x41\x77\x5c\x6f\xdd\xf1\x03\xa8\x8e\xa0\x3a\x82\xea\x08\xaa\x23\xa8\x8e\xa0\x3a\x82\xea\xf8\xe2\x8b\x03\x54\x47\x50\x1d\xd7\x42\x75\xdc\x85\xe3\xe5\x45\xe9\x79\x1b\x57\xd8\xf5\x23\xfe\x96\xfd\xfe\x78\x44\x7d\xc7\x95\xaf\x49\xc8\x5c\x16\x11\x3f\xfa\x21\x56\xfa\x91\x87\xdd\xf1\x05\x61\xee\xbf\x09\x68\x86\xa0\x19\xbe\x02\xe1\x37\xa5\x66\x08\x9a\x1f\x68\x7e\xeb\x3f\xf9\x41\xf3\x03\xcd\x6f\x3d\x34\x3f\x38\x70\x06\x6d\x12\xb4\x49\xd0\x26\x57\x5c\xa0\x82\x36\x09\xda\xe4\x9b\x9d\xfc\xa0\x4d\x82\x36\xb9\x26\xda\xe4\x5e\xa6\x4c\x96\x18\x67\x40\x99\x04\x65\x12\x94\x49\x50\x26\x5f\x5c\x9e\x82\x32\x09\xca\xe4\x9b\x9d\xfc\xa0\x4c\x82\x32\xb9\x26\xca\xe4\x7b\xb0\x4c\x82\x32\x09\xca\x24\x28\x93\xab\x2c\x4f\x41\x99\x04\x65\xf2\xcd\x4e\x7e\x50\x26\x41\x99\x5c\x13\x65\x12\x82\x63\x40\x99\x04\x65\x12\x94\xc9\x95\x96\xa7\xa0\x4c\x82\x32\xf9\x66\x27\x3f\x28\x93\xa0\x4c\xae\x85\x32\xb9\x07\xe1\x32\xa0\xf9\x81\xe6\x07\x9a\x1f\x68\x7e\xa0\xf9\x81\xe6\x07\x9a\x1f\x68\x7e\x6f\x45\xf3\xeb\x6e\x83\x19\x11\x94\x49\x50\x26\x41\x99\x5c\x65\x79\x0a\xca\x24\x28\x93\x6f\x76\xf2\x83\x32\x09\xca\xe4\x9a\x28\x93\x3b\xa0\x4c\x82\x32\x09\xca\x24\x28\x93\xab\x2c\x4f\x41\x99\x04\x65\xf2\xcd\x4e\x7e\x50\x26\x41\x99\x5c\x13\x65\x72\x0f\x94\x49\x50\x26\x41\x99\x04\x65\x72\x95\xe5\x29\x28\x93\xa0\x4c\xbe\xd9\xc9\x0f\xca\x24\x28\x93\xeb\xa7\x4c\x02\x8f\x0f\x28\x93\xa0\x4c\x82\x32\xb9\x7a\xf2\x14\x94\x49\x50\x26\xdf\xec\xe4\x07\x65\x12\x94\xc9\x35\x51\x26\x81\xc7\x07\x94\x49\x50\x26\x41\x99\x5c\x69\x79\x0a\xca\x24\x28\x93\x6f\x76\xf2\x83\x32\x09\xca\xe4\x5a\x28\x93\xef\xa7\xd4\x1f\xd5\xf0\x3c\x6c\x81\x62\x09\x8a\x25\x28\x96\xa0\x58\x82\x62\x09\x8a\x25\x28\x96\xa0\x58\x82\x62\x09\x8a\xe5\x43\xbf\xfb\xa1\x0d\xa5\x4f\xaa\x93\xd9\x72\xde\xf0\x3c\x0b\x4a\xd7\x04\x15\xad\xa8\xf5\x7c\xc5\xb7\xc4\x33\x6a\x6a\x79\xe5\xaa\x52\x6f\x2b\x68\x5d\xf9\x79\x08\x3a\x6a\xbd\x8e\x0a\x8a\x26\x28\x9a\xaf\x40\xd6\x4e\xa9\x68\xce\x06\x11\xa0\x88\x82\x22\xba\x0e\x8b\x03\x14\x51\x50\x44\x57\x59\x11\xfd\x9b\x28\xbb\xf3\x65\x9f\xfd\xe0\xba\x21\xf5\x2f\xbe\x9c\x5c\x3e\xb2\x88\x8c\x4f\xc7\x78\x28\x86\xe3\x29\x31\x82\xf6\xba\x75\x77\x76\x77\xd4\xab\x4d\x9b\x86\x84\x32\x8b\x3f\x3e\x78\xd8\xee\xf6\xbb\x7d\x35\xf1\x3b\xd8\x0b\x5c\x9f\xe8\x69\xc3\x7b\x62\x45\x94\x7a\xec\xe0\xa1\xd7\xed\x77\x77\x54\x42\x7f\xe8\xfa\xbf\x06\x6a\x8a\x4f\x4a\x6c\x93\x30\x3a\xa6\x3f\x7d\x8f\xf2\x0e\x69\xf0\x01\x9f\xf1\xa1\x4f\x22\xc2\x94\x3a\xc8\x2e\x5d\x87\xd8\xb8\xe9\xb7\x8e\x84\xdc\x24\xe5\xfd\x3e\xb3\x1c\x9f\x59\xfc\x95\xf8\x07\x1e\x3b\x7b\x3b\x07\xfd\x6e\x7f\xa7\xbb\xaf\x3e\x73\x7c\x36\xc6\xec\x2f\xd3\x67\xea\x95\xe5\x63\xdf\x7f\x34\x7d\xab\x8a\x34\xd4\x31\xc9\x82\xc9\x57\x35\x1f\x1f\xc6\x11\x65\x36\xf6\xf2\xfd\x63\x7b\x31\x8b\x48\xc8\x97\x14\x17\x06\x2e\xf5\xb1\xc7\xc5\xad\x4a\x9a\xe6\x97\xce\x3a\xad\xeb\xf4\x7c\x46\x8f\x01\x09\xf9\xab\x83\xe2\x34\x51\x9f\xdd\x79\xd8\xf7\x89\x67\x98\x25\xea\x0d\xef\xe4\x0f\xdd\x42\xf2\x23\xdf\xad\xfe\xc2\xb2\x7d\x97\x7f\xb5\x95\xd6\xcd\xc6\x9e\x6b\xd3\x33\x25\xde\xd3\xaf\xc4\x53\x01\x55\x6a\x36\xe6\x92\x17\xcb\x90\xa9\x45\xde\x86\xc4\x91\x67\x4a\x1c\x79\x07\x0f\x5b\x5a\x27\xd9\xd8\xc7\x5e\x8b\x7a\xf8\xb8\xd4\xd4\xca\x6a\xf8\xd8\xfb\xa3\x5d\x67\xfe\x24\xf8\x81\x24\xb5\x11\x7f\x70\xe5\x80\x6d\x8a\x7f\x8a\x49\x7b\xb0\xd5\xed\x77\xb7\xf4\xe4\xaa\x3a\xa5\xd4\x7e\x60\xe7\x12\x07\xd4\x39\xf5\xef\x42\xcc\xe5\x07\x76\xfd\xfc\xec\x0a\x70\xcc\x88\x9a\x43\xdb\x69\x75\x5c\x7f\x98\x00\x5a\x92\x50\xac\x76\x4b\xbd\x48\x36\xb7\x1e\x09\x0f\x7a\x7c\x32\x6d\x25\x93\x69\x3b\x9f\xc3\xef\x99\x2e\x3e\x29\x23\xcb\x91\x7b\x3a\xa5\xbe\x1f\xf0\xe5\x9c\x3b\xde\xe9\x75\xfb\x49\x29\x5b\x8b\x41\xb6\xfd\x36\xc8\xb6\xdf\x16\xd9\xf6\x67\x40\xb6\x7d\x40\xb6\xe6\xc8\x96\x4d\x13\x40\x36\x40\xb6\xf5\x40\xb6\xfe\x82\x95\xb6\xfe\x76\x1b\x6c\x4b\x53\x37\x06\xb7\xf4\x8b\x69\xd0\x2d\xf7\x31\xc0\xdb\x24\x78\xeb\x83\xe6\x06\xf8\x36\x1f\x7c\xdb\xcb\xf0\xad\x3f\x57\x7c\x93\x79\x8d\x49\x14\xba\xb6\x40\x82\x7c\xe5\xd5\x0b\x8b\x89\x37\xaa\x15\x62\xba\xf5\x4b\xd0\xb8\x05\xd0\x08\xd0\xd8\x10\x1a\x4b\xb3\x19\xa0\x11\xa0\xf1\xd5\x42\xe3\xf6\x82\xf7\xc3\xfd\x5e\x2b\x64\xec\xb5\x46\xc6\xf2\xea\x6e\x81\x8c\x3d\x40\xc6\xe6\xc8\xb8\x0d\x7b\x62\x00\xc6\xf5\xda\x13\xef\x2e\x5a\xef\x03\x74\x7b\x2d\xe8\xb6\x0b\x6a\x1f\xa0\xdb\xda\xa2\x5b\x89\x44\x07\x76\xb5\x80\x6e\x80\x6e\x80\x6e\x6f\x70\x53\xdb\xef\x4e\x73\x12\xb2\xd5\xed\xef\xbf\x69\x60\x4c\xd5\xc5\x69\x90\xb1\xa8\x6b\xb6\x83\xc6\xe2\xd7\xcb\xc4\x46\x7d\xb6\x00\x36\x02\x36\xbe\x76\x6c\x9c\xe6\x28\x04\xb0\xf1\xad\x62\x23\x1c\x86\x00\x36\xbe\x49\x6c\x6c\xbc\xa1\x6e\x85\x8d\x7b\xad\xb0\x71\xaf\x35\x36\xee\xcd\x82\x8d\x7b\x80\x8d\x4b\xc0\xc6\x7e\x56\x4c\x1b\x70\xdc\x6e\x0b\x8e\xdb\x6d\xc0\x71\x7b\x71\xe0\xb8\xdd\x02\x1c\xb7\x5b\x83\xa3\xd6\x9b\x80\x8e\x0b\x46\xc7\xba\xab\xa9\x01\x1d\x01\x1d\xf3\xe8\xb8\x0d\xe8\x08\xe8\xf8\x86\xd0\x71\x9a\xa3\x66\x40\xc7\xb7\x8a\x8e\xd3\x9d\xc7\x00\x3a\x02\x3a\xae\x27\x3a\xd6\x5d\x1e\x38\x17\x74\xdc\x6d\x85\x8e\xbb\xad\xd1\x71\x77\x16\x74\xdc\x05\x74\x6c\x85\x8e\x7b\x80\x8e\x80\x8e\x6f\x08\x1d\xf7\x01\x1d\x01\x1d\x1b\xa3\xe3\x3e\xa0\x23\xa0\xe3\x1b\x42\xc7\x0f\x80\x8e\x80\x8e\x8d\xd1\xf1\x03\xa0\x23\xa0\xe3\xdb\x44\xc7\x85\x9c\x59\x6f\xb5\x62\xb4\xd9\x6a\x4d\x69\xb3\x35\x0b\xa7\xcd\xd6\x94\xa4\x36\x80\x8e\x80\x8e\x80\x8e\x6f\x0b\x1d\xb7\x17\x73\x2a\x63\x6d\xb5\x3b\x97\x49\xd3\xb7\x38\x99\x49\xbf\x99\xee\x6c\x26\xf7\x39\xa0\x24\xa0\x24\xa0\x24\xa0\x64\x86\x92\x5b\x53\xd1\xbd\x6e\x75\xb7\x76\x9a\xa3\x64\x3b\x8c\x6c\x8f\x90\x33\xe1\xe3\x94\xe8\xb8\x3d\x0b\x3a\x6e\xcf\x84\x8e\xdb\x8b\x41\x47\x3e\xc4\xaa\x07\xd4\x3f\x37\xd5\x7f\x0f\xfa\x7c\xc0\xf3\xc9\x96\x89\xc9\x5b\x53\x72\xcd\x02\x26\x03\x26\xaf\x01\x26\x6f\x97\x31\x79\xba\x18\x46\xc0\x64\xc0\xe4\xe5\x61\xf2\x74\x91\x93\x80\xc9\x80\xc9\x6b\x8a\xc9\xd3\x2a\xca\xc5\x86\x4d\xbe\x20\xa1\x15\xb1\xd0\x4e\x6b\x62\xa1\x9d\x59\x88\x85\x76\x5a\x10\x0b\x4d\x89\xcb\xd3\x22\xf2\x1c\xb1\xb8\x0a\x85\xf5\x61\xe6\x25\xcf\x1b\x8d\xa7\xc1\xe1\xe9\x95\xe3\x8a\x0f\x0b\x30\x55\x86\xe2\xe2\x77\x80\xc9\x33\x60\xf2\x6e\x3e\x79\x3d\x26\x67\x89\x27\x63\xf2\xd4\x68\xbc\xd5\xcf\x86\x78\xae\x1c\x46\xc5\x79\xd3\x10\x96\x1b\x00\x72\x8b\xd3\xaf\x69\x00\xb9\x95\x99\x77\xa7\xb5\x91\x77\x67\x16\x13\xef\x4e\x0b\x03\x2f\x00\x32\x00\x32\x00\x32\x00\xf2\x62\x00\x79\xba\x18\xd1\x16\x56\x8b\x56\xde\x08\xfd\xd6\xde\x08\xfd\x59\xbc\x11\xfa\xd3\x7a\x23\x80\xd5\x62\x99\x56\x0b\x88\x4c\x5d\x3f\x40\x06\xab\xc5\xf4\x56\x8b\x9d\x05\x63\xf2\xd6\xfb\x36\x98\x9c\xa6\x6e\xee\x21\xf6\x7e\x06\x4c\xce\x7d\x0c\x98\xbc\xaa\x98\x5c\x52\x43\x00\x93\x01\x93\x5f\x31\x26\x4f\xc7\x16\x00\xa7\x7b\xaf\x0d\x93\x9b\xa1\x23\xb0\x05\xac\x1f\x3a\x2e\xcc\x84\x30\x23\x3a\xea\x86\x84\x35\x40\xc7\x56\x56\x5d\xd0\x58\x5f\x17\x3a\xae\xb2\xc6\x0a\x98\x0c\x98\xfc\x96\x30\x79\x3a\x06\x17\xd0\x58\x5f\x1b\x26\x37\x43\x47\x60\x70\x01\x74\x7c\xa3\xe8\xb8\x58\x3f\x84\x57\xa3\xba\xbe\x3e\x3f\x84\x45\xa9\xa8\x4b\x85\x5f\x70\x3f\x78\xcd\x48\xfc\xda\xdd\x0f\xde\x83\x92\x0a\x4a\x6a\x63\x94\x7c\x0f\x4a\x2a\x40\xe3\x1b\x52\x52\xdf\x83\x92\x0a\x4a\xea\xea\x28\xa9\xd3\xc3\x2f\x28\xa9\xaf\x19\x89\xdf\x90\x92\xda\x82\x93\x66\x1a\x18\x7e\x2d\xd4\x5d\xaf\x0f\x86\xf5\x61\x5e\x91\x98\x05\x80\x63\x80\xe3\x37\x0e\xc7\x3b\x8b\xb1\x19\xbc\x66\x8a\x30\xb0\x1d\x80\xed\xe0\xcd\x43\xe4\x1b\xb0\x1d\x4c\x47\xc2\x3d\x85\xd2\xba\xbd\xd3\x06\x2c\xd3\xd4\x8d\xa1\x32\xfd\x62\x1a\xa0\xcc\x7d\x0c\x4a\xeb\xcb\x2b\xad\xd3\x33\x35\x82\xd2\xfa\x9a\x11\xf9\x75\x2b\xad\xdb\xc0\x0e\xd6\x5e\x59\xcd\xa6\x4f\x7b\x5d\x75\xb7\x3b\x03\x9b\x6d\xe9\xe3\x65\x6a\xaa\xdb\x2b\x4d\xd2\xb5\x53\x48\x5e\x0b\x48\xa5\xc4\xf3\xc3\xc5\x9d\x7c\xea\xc6\xd5\x58\x3b\x5c\x7c\xf5\x9a\x6a\x0e\x1a\x21\x78\xe0\xad\x42\xe3\x84\x13\xaf\xbd\x39\x68\xab\x00\xc8\x00\xc8\x00\xc8\x4d\x00\x79\xf1\xf4\xe2\xaf\xd6\xc2\xfa\xfa\x90\xb9\x21\x46\xae\x32\xdd\x37\x80\x24\x80\xe4\x22\x41\x12\x98\x0c\x1b\x1b\x58\xdb\xe3\xe3\x94\xc8\x38\x3f\x4c\x9c\xc6\xba\x3a\x0f\x7d\x75\xb9\x28\xbc\x54\xf3\x2a\x00\x32\x98\x57\xe7\x6b\x5e\x9d\xd6\xbe\xda\x1a\x8d\x77\x7b\x6d\xd0\x38\x4d\xdd\x18\x8d\x77\xcb\x2b\xbe\x39\x1a\xef\xf6\x00\x8d\x57\x08\x8d\xa7\x37\x1c\x00\x1a\x03\x1a\x97\xd0\x58\xbe\xe8\x75\xb7\x76\xcb\x26\xa9\x55\xc4\xe4\x2d\xc0\x64\xc0\xe4\x55\xc3\xe4\x12\xd3\x1c\x60\x32\x60\xf2\x1b\xc4\xe4\x2d\xc0\x64\xc0\xe4\x55\xc3\xe4\x2d\xc0\x64\xc0\xe4\xb7\x86\xc9\x8b\xa6\xfb\x06\xd7\xb0\x57\x73\xca\xb6\xca\xac\xdb\x80\x8e\x70\xc8\x36\xef\x43\xb6\x1d\x20\x40\x98\x82\x00\xe1\x15\x69\xab\x8b\xf2\x05\x5b\x2a\xf6\x82\x92\xfa\x9a\x61\xf8\xb5\x1f\xad\xc1\xcd\x07\xa0\x9e\x36\x84\xc8\x55\xa6\xd8\x06\x5c\x04\xf5\x74\xde\xea\xe9\xb4\xd7\x1e\x80\x7a\x0a\xea\xe9\xbc\xd5\xd3\xe9\xb1\x17\xd4\xd3\xd7\x0c\xc3\x6f\x48\x3d\x05\x72\xae\xb7\x88\xc1\xfa\x18\xaf\xc8\x81\x16\x60\x31\x60\xf1\x5b\xc4\xe2\x69\xd9\xbc\xdf\x36\xe7\x0c\x60\xf1\x22\xb1\x78\x4d\x58\x12\x01\x8b\x01\x8b\xe7\x8a\xc5\xd3\xf2\x7f\x81\xd9\xf6\xcd\x99\x6d\xa7\xe7\xe4\x02\xb3\xed\xab\xc3\xc5\x37\x60\xb6\xfd\xb0\xb4\xc8\xdd\x56\x3e\xb0\x3b\xad\x7d\x60\x77\x66\xf1\x81\xdd\x01\x1f\xd8\x15\x52\x53\xd7\x84\x17\x11\xe0\x18\xd4\xd4\x39\xaa\xa9\x3b\x53\xf1\x22\x9a\xe2\xdc\xc1\x7c\xbb\xfa\x58\xbc\xdd\xec\x08\x2d\x9b\xf1\x33\x62\xf0\x76\x2b\x0c\xde\x99\x81\xe7\x0b\x30\x18\x30\x78\x89\x18\x5c\x3a\x5f\x98\x1b\x06\x37\xd6\x87\x01\x83\x5f\x11\x06\x57\xeb\xc3\x80\xc5\x80\xc5\x80\xc5\xcb\xc4\xe2\x69\xb8\x17\xa7\x02\xe3\xdd\x56\xb4\x62\xbb\xad\x69\xc5\x76\x67\xa1\x15\xdb\x7d\x13\xb4\x62\x6b\x03\xc6\x2f\x47\x2b\xb6\xbb\x3c\x34\x4e\x17\x39\x33\x7c\x24\x26\x5b\x86\x03\x0c\xf0\xfc\x55\x87\xf8\xce\x19\xd5\xb7\x97\x05\xea\xe0\x18\x01\xa0\xde\x10\xd4\xb7\x41\xc3\x06\x44\x7e\x83\x1a\xf6\x34\xf1\x6c\x53\x61\x31\x9c\xfe\x01\x16\x37\xc4\x62\x70\x18\x06\x2c\x7e\x8b\x58\xbc\xb7\x34\x2c\x06\x0e\x75\xc0\xe2\x66\x58\xbc\x07\x58\x0c\x58\xfc\x06\xb1\x78\x9a\xe0\x8d\xe9\x0c\xcf\xad\xf4\x62\x60\x86\x7c\xc3\x58\xfc\x72\xc1\x1b\x4b\xb4\x3b\x03\x16\x83\xd5\xd8\x88\xc8\xfb\x80\xc8\x80\xc8\x2b\x86\xc8\xfb\x80\xc8\x80\xc8\x80\xc8\x2d\xd8\xd3\xa7\x43\xe4\x7e\x2b\x44\xee\xb7\x46\xe4\xfe\x2c\x88\xdc\x07\x44\x5e\x41\x44\x5e\x3a\x79\x3a\x20\x32\x20\xf2\x4b\x23\xf2\x34\x61\xce\x80\xc8\x80\xc8\x8b\x44\xe4\x97\x8b\xe5\x03\x44\x06\x44\x5e\x21\x44\x5e\x6c\x34\x09\x38\x30\x03\x22\x03\x22\x03\x22\x03\x22\xd7\x22\xf2\x6e\x77\x69\x21\x25\xe0\x7d\x0c\x88\xdc\x08\x91\x77\x2b\x81\x75\x02\x70\x18\xd8\x65\x16\xea\x65\xf1\x3e\x25\x9e\x69\x80\xc8\xa5\xc4\xad\x23\x4a\x4a\x39\xcc\x0f\xd3\xf5\xac\x27\x61\x7a\x21\x6d\x33\x4c\xef\xb7\xc5\xf4\xad\x36\x98\xbe\xb5\x68\x4c\x5f\x55\x3f\x8d\xed\x22\x9a\x43\x84\x20\x28\xd8\x2b\x07\xe7\xd3\x46\x08\xce\x01\xcf\x5b\x69\xd8\x80\xe7\x6f\x05\xcf\x57\x5b\x47\x4f\xe4\xcb\x4f\xd7\x77\xe8\x4f\x36\xa8\xeb\x05\xde\xc1\x1e\x89\x2c\xd9\x1b\x52\x97\xad\x13\x0a\x0b\xb6\xba\x6c\xb7\x12\x0a\xdb\xad\x85\xc2\xf6\x2c\x42\x61\x1b\x84\xc2\x32\x84\x02\x07\x21\x8f\xda\xd8\x33\x35\x99\xbf\xb4\x6c\x6c\x8f\x88\x6c\x75\xf9\x6e\x19\x90\x24\x20\x49\x40\x92\xac\xa6\x24\xd9\x82\xf0\x48\x08\x8f\x5c\xb1\xdd\xc5\x16\x18\x8b\x40\x24\xac\x92\x48\x58\x1b\x63\xd1\xd2\x88\x47\x20\xc0\x12\xd0\xbc\x21\x9a\x4f\x49\x3c\x02\x68\x0e\x68\xfe\xc6\xd1\x7c\x07\x02\x82\x20\x20\x68\xc5\xd0\xbc\xc4\x07\x0f\xe6\x1a\x40\x73\x30\xd7\x4c\x83\xe9\x0b\x36\xdc\x03\xa6\x03\xa6\x03\xa6\x03\xa6\x03\xa6\xaf\xb8\x09\x7e\x69\x0c\x85\x20\x12\x40\x24\x34\x14\x09\x53\x32\x14\x82\x48\x00\x91\xf0\x36\x45\x42\x35\xa6\x83\x9a\x0f\x98\x0e\x98\x0e\x98\x0e\x98\xbe\x6e\x98\xbe\x20\x35\x7f\x6b\xd1\x22\x01\xa8\x0b\x40\x24\xb4\x14\x09\xed\xc8\x64\x40\x24\x80\x48\x00\x91\x30\xbb\x48\xd8\x5b\xda\x2e\x01\x44\x02\x88\x84\x66\x22\x61\x4a\x3e\x74\x10\x09\x20\x12\x40\x24\xcc\x2e\x12\x96\x47\xcb\x0e\xd1\xbe\x20\x12\x9a\x89\x84\x29\x69\xd9\x41\x24\x80\x48\x00\x91\x30\xbb\x48\x58\x1e\xe7\x25\x88\x04\x10\x09\xcd\x44\xc2\x94\x0c\x6b\x20\x12\x40\x24\x80\x48\x98\x55\x24\xec\x69\x4d\x6c\x25\x12\x4a\x8d\x80\xe3\xe5\xd5\x17\x09\xef\x8b\x18\x5f\x2f\x12\xf6\xd2\xb5\x36\xa3\x48\xc8\xca\x6d\x22\x12\xf6\xca\xcb\x6e\x35\x45\xc2\x7e\xb7\xdf\x5c\x24\x94\x12\xb7\x16\x09\xc5\x1c\xfe\xf0\xc8\xaf\x1f\xd4\x24\x16\x02\xea\x6c\x39\x98\x8c\xa9\x6f\xdd\x79\xe4\xd7\x03\xf5\x8a\xdf\x4f\x96\x12\x85\xd4\x8d\xdb\x36\x85\x94\x50\x1f\x4d\xdb\x1a\x10\x32\x73\x17\x32\x3b\x73\x16\x32\x53\x52\x43\x80\x90\x01\x21\xb3\x30\x21\xf3\x72\xd4\x10\x20\x64\x40\xc8\x80\x90\x59\x9c\x90\x69\x77\xc5\xd6\x14\x42\x06\x8e\xc0\x41\xc8\xb4\x14\x32\xab\xed\x15\x05\x42\x06\x84\x0c\x08\x99\x26\x42\x66\x4a\x5a\x24\x10\x32\x20\x64\x16\x26\x64\x5e\x8e\x16\x09\x84\x0c\x08\x19\x10\x32\x73\x17\x32\x53\xb2\x35\x4d\x21\x64\xe0\x98\x1e\x84\x4c\x33\x21\xb3\x26\xcc\x1e\xfd\x5e\xd6\x41\x93\xa5\x4c\x39\x75\x6b\x31\x53\xca\xa2\x2d\x32\xe7\x32\x98\x2c\x68\x8a\xc9\x9b\xb7\x6f\x59\xa2\x46\x2b\x14\x64\xcd\xca\xcb\x9a\x3d\x90\x35\x20\x6b\x56\x4c\xd6\xac\x49\xe0\x08\xc8\x1a\x90\x35\x20\x6b\xa6\x93\x35\x6d\x82\x14\x41\xd6\x80\xac\x01\x59\xf3\xd2\xb2\xa6\xb1\x07\x32\x08\x26\x10\x4c\x6b\x26\x98\xa6\x0c\x95\x04\xc1\x04\x82\x69\x61\x82\x69\x4d\x42\x25\x41\x30\x81\x60\x02\xc1\xb4\x04\xc1\xb4\xe0\x1d\x13\x5c\xce\x0a\x82\x69\x61\x97\xb3\x82\x34\x03\x69\x06\xd2\xec\x8d\x4b\xb3\xf7\xda\x5a\x6e\xbe\xcd\xda\x29\xbb\x37\x81\xef\xdc\x2b\x14\x66\xbb\x2f\xb1\xcb\x7a\x5f\x29\x5e\x56\x4c\x2e\x81\xef\x1c\xf8\xce\xbd\x4e\x19\xb3\xb7\x38\x19\xd3\x78\xc7\x34\x95\x8c\x01\x4b\x1e\xc8\x98\x57\x25\x63\x5e\x7e\xef\x03\xdb\x19\xd8\xce\xac\x91\xa8\x99\x86\xd5\x00\x44\x0d\x88\x9a\x05\x8a\x9a\x35\x21\x35\x00\x51\x03\xa2\x06\x44\xcd\x74\xa2\x06\x76\x35\x20\x6a\x40\xd4\xac\x91\xa8\x81\x13\x1d\x90\x4b\xaf\x55\x2e\x4d\x43\x87\x00\x72\x09\xe4\xd2\x02\xe5\xd2\x9a\xb0\x21\x80\x5c\x02\xb9\x04\x72\x69\x09\x72\x69\xb1\xfb\x25\x70\x9b\x03\xb9\xb4\x30\xb7\x39\x10\x66\x20\xcc\x40\x98\xbd\x6d\x61\xb6\xdf\xed\xf7\xa7\x20\x36\xed\x75\xfb\xef\x9b\x0a\xb1\xfd\x36\x32\x6c\xbf\xad\x08\xdb\x9f\x41\x82\xed\x37\x17\x60\x16\x1e\x3b\x7b\x3b\x1c\x63\x77\x52\x84\x6f\x2a\xc6\x4c\xdf\x36\x16\x66\x35\x1f\x4f\x25\x5a\xd2\xfc\x7a\x6d\x2e\xd2\xc9\x4d\x93\x36\xb2\xe2\x43\xb7\x5e\x42\xe4\xbf\x48\x04\xc5\x56\x01\x51\x27\x21\x62\x1b\xf7\xb5\x52\xe2\xf9\x5d\x7d\xd3\x6f\xe1\x69\xd6\x9f\xc2\xd3\xec\x43\x3b\x4f\xb1\x7e\x1b\x58\xed\xb7\x80\x55\x35\x87\xb2\xab\x98\xda\x80\x6b\x4f\x88\x87\x64\x32\x6d\xcf\x11\x56\x77\x72\xc8\xf6\x41\x83\xd9\xe6\xc0\xd6\xef\xf6\xb7\x9a\x02\xdb\x4e\x1b\x60\xdb\x69\x0b\x6c\x3b\x33\x00\xdb\xce\x74\xc0\xf6\x7e\x06\x60\x7b\x3f\x0b\xb0\xbd\x7f\x31\x60\xfb\x50\x16\xc6\x80\x6b\x80\x6b\x2b\x8d\x6b\xef\xa7\x50\xd8\xda\xe0\xda\xab\x53\xd8\xde\x24\xae\xbd\x07\x7d\x0d\x70\x6d\x5d\x71\xad\xb1\x55\xb5\x0d\xae\xf5\x5b\x59\x53\xfb\xad\xad\xa9\xfd\x59\xac\xa9\xfd\x16\xd6\x54\xc0\x36\xc0\x36\xc0\xb6\xf9\x60\x9b\xe1\xa6\xae\xf9\x60\x5b\x2b\xcb\x9e\x6a\x85\x98\x6e\x7d\x01\x8b\x7f\x13\xc8\xd8\xf9\xb2\xcf\x7e\x90\x90\xb9\xd4\x27\xce\x15\x19\x07\x1e\x96\x2b\x83\x83\xa3\x9a\x34\x29\x54\x5e\xc7\xbd\xde\x36\xf9\xc8\xb1\x24\x33\xb4\xf7\x90\x78\x6c\xcb\x33\x91\xf4\x29\xaf\x8a\x9a\x04\x0f\x1a\xf8\x64\x59\xec\x56\x64\xd1\x2f\x44\x40\xe9\xb9\xec\x1a\x72\xc9\xa5\xcf\x32\xda\xeb\xf6\x2c\xec\x05\x23\x5c\xcc\xc2\x0a\x42\xf7\xc1\xf5\xc8\x90\x38\xa5\xdc\xd2\x8f\xf4\x7c\x34\xe6\xe8\x7c\x56\x7b\x86\xef\xb3\xc4\x7a\x16\xef\xab\x9b\xf4\xde\x90\xc9\x7b\x63\x8b\xde\x57\xf7\xee\xfb\xba\x46\xbd\x37\x76\x74\xe9\x8c\xb1\xbe\x52\xf5\xc9\x6b\x8a\xdf\x37\x96\xbe\x5d\xd9\x96\xfd\x4c\x66\x0b\xac\x98\x61\xf2\x71\x51\x30\xf3\xdc\x4b\x32\x99\x7e\xea\xa5\x39\xcc\x3c\xf3\x92\x9c\x66\x99\x78\x49\x1e\xb3\xcc\xbb\x34\x8f\xf9\x4c\xbb\xea\x2a\xd5\xa6\x9e\xc3\xa4\x53\x79\xe9\x73\x8e\x86\xe4\xf8\xec\xd2\x30\xeb\x0c\x23\xf4\x3e\x37\xd0\xea\xa8\xd6\x3c\x40\x95\x49\x4b\x8d\x36\xd7\x7d\xaf\xe2\x7b\xad\xea\x99\x8a\x52\xac\xba\x79\xba\xe7\xb2\x4c\x74\x12\xf3\x54\xaf\x4c\x5a\x6a\xa8\xb9\xf6\xc5\xb5\xa9\x65\xa1\x35\x80\x4b\xf2\x09\x7d\xcf\x3f\x56\xfa\x60\x9b\xf2\xab\xbe\xd7\x0a\x2f\xca\xd1\xa7\xea\x7c\x79\x26\x2a\xb9\x12\xae\xf9\xac\x84\x10\x3f\x4d\xb5\x84\x32\x7c\xe9\xb8\xb1\x9d\xd5\x72\xa7\x50\x86\xc8\x27\xd1\x05\xcc\x03\xb3\x53\x6e\xae\x7c\x5c\xa0\x45\x2f\xe5\xb5\x6f\xc8\x2a\xfd\x66\xab\x7a\xe4\x1a\xd4\xc9\x30\xdb\xe4\xe3\xed\xd6\x75\xd2\xbe\xd9\x6a\x56\x7a\xd5\xca\xcf\x75\xb9\xb9\xf0\x6c\xfc\x34\x7f\x88\xf2\x52\x6a\x02\xfa\x69\x0e\x95\xeb\xa9\x1a\x6a\x1b\x67\x52\x06\xc7\xe2\x17\x69\x8b\x22\xa5\xd8\x7d\x21\x8f\xd9\x8c\xcc\x69\x67\x07\xa8\x73\xed\x3f\x3d\xb9\x77\x88\xfc\x85\xba\x17\xbf\x1f\x1e\x1d\x51\xff\xce\x1d\xa2\xeb\x4e\x78\x8b\xed\xeb\xce\xf3\xf3\xb5\xff\xee\x1d\x62\x11\x0e\x23\xc4\x1f\xa1\x11\x09\xc9\xb5\x7f\xed\xbf\x43\xa7\xbe\xed\xc5\x0e\x41\x18\xa9\xed\x58\x48\x3d\x82\xee\x68\x88\xa2\x11\x41\xda\xbe\x01\x1d\x8b\xa3\xfc\x4b\x12\x6d\xf0\xef\xb0\xef\xa0\x5b\xd7\x77\x90\x1b\xa1\x88\x96\x12\x33\xb9\xb7\xc5\xb6\x4d\x63\x3f\xea\x5e\xfb\xf7\xae\xef\x1c\xa0\x23\x59\xc6\x05\xf5\xc8\xb5\x8f\x03\x57\xa9\xaf\x07\xa2\x56\x5d\x1c\x47\x23\x1a\xba\xff\xc6\x7c\x2f\xd8\xbd\xdf\x67\x5d\x97\x6e\x3e\xf4\x6f\x49\x84\xfb\xd7\xfe\x98\x44\xd8\xc1\x11\x3e\xb8\xf6\x11\xf2\xf1\x98\x1c\xe8\x25\x5e\xfb\x61\xec\x11\x26\x5e\xbe\x43\x57\x23\x82\x8e\xce\x4e\x51\xe0\xc5\x43\xd7\x47\x3e\x21\x0e\xe3\xd5\x1c\x92\x08\x05\xd4\x61\x1b\x88\x7f\xc3\x36\x44\x33\x78\x5e\x2c\xc0\x36\x61\x5d\xfe\xb5\x85\x70\xe0\x7e\x0a\x69\x1c\xb0\x03\xf4\xcf\xeb\xce\x75\xe7\x5f\xfc\x31\x42\x21\x61\x34\x0e\x6d\x55\x08\xff\x59\x22\xb3\xec\x2f\x91\xa9\xf6\x67\x9a\xb1\x7c\xf6\x40\xc2\x5b\xfd\xe3\x21\x89\x5a\x17\x48\x7c\x27\xa0\xae\x1f\x69\xc5\xa8\xbe\x36\x16\xf2\x0e\x7d\x67\xc4\xe1\x4d\x77\x5c\x66\xd3\x07\x12\x26\xc9\xd1\xe9\x80\x89\x71\xc6\xce\x03\x09\x23\x97\x91\x31\x11\x23\x95\x64\xfb\x13\x47\xf6\x28\xfb\xd3\x73\x59\x54\x93\xeb\xd5\x63\x30\xc2\xac\x3b\x5b\xe3\x44\xff\x6d\xb2\x08\x47\x71\x45\x6b\xce\x08\x71\x88\x23\xea\x6d\x7b\x04\x87\xae\x3f\x44\x7c\x7b\x79\x46\x22\xbe\x55\xfc\xee\xe3\x07\xec\x7a\xf8\x96\xcf\x61\x0f\x0f\xb5\xfa\x04\x7a\x73\xde\xa1\x23\x31\x75\x10\x8b\x68\x48\x18\x62\x74\x4c\x90\x2d\x56\x4d\x1c\x8a\xe9\x87\x5c\xff\x8e\x86\xe3\xe4\xdf\xa2\x6a\x08\xfb\x3e\x8d\xc4\x23\xbd\xa5\x71\xe0\xe0\x88\xc8\x89\xf7\x27\x2f\x45\x56\x6f\x84\xfd\x21\x11\xb3\xee\x4b\x6a\xb6\x40\xaa\x9e\x03\xea\xb9\xb6\x5b\x31\xe1\x7c\x99\xc6\xf5\x87\x6a\x0d\xd4\xf7\x99\x4c\x1d\xa8\x1c\xcd\x33\xad\x62\x2c\xd5\x38\xde\x3e\x26\xdd\xc1\x2b\x2e\x72\x7a\xd4\xdb\x3f\xf3\xb2\x28\xac\x03\x6d\xd2\x2a\x80\xa8\xa8\xb6\x3e\xe7\xb4\x46\x94\xd6\xb7\x18\x5b\xc2\x44\xb1\x6a\xfa\x4c\x57\xe7\x9a\xb9\xa7\xcd\xa0\x74\xf6\x8c\xa9\xef\x46\x34\x64\xe8\x01\x87\x2e\x8d\x19\x3a\xba\x38\x96\x8b\x4a\xce\x25\x63\x25\xec\xd0\xe9\x06\x21\xfd\x2f\x62\x47\x12\xbf\xba\x34\x1c\xd6\xd6\x6c\xe8\xd1\x5b\xec\xdd\x11\xcf\xfd\x25\xf3\xd5\xfa\x51\x7b\xaa\x66\xae\xf6\xf2\x76\x18\x04\x84\x84\xac\x98\xd5\xed\x30\x28\x65\x94\x3e\x2b\x67\xe3\x06\x01\xa5\x5e\x29\x17\xe3\xcc\x2b\xbd\x66\x44\xc7\xaa\xca\x6f\x94\xf4\xd1\x66\x9d\xf6\x72\x44\x59\x54\x00\xbe\x0a\x2c\x9d\x30\x6f\x92\x71\x8b\x59\x84\xec\x90\xe0\x88\x08\x09\x20\x57\xb0\x44\x01\x31\x84\xd4\x97\xd2\x32\x0e\xe6\x34\x84\xa5\x2e\xac\x1d\xb7\xca\xce\x28\xb6\x5a\xb6\xc1\x0c\x45\xad\x10\x8e\xfa\x42\x84\x73\x94\x6b\xbf\x72\x34\xb1\x37\xdd\xb0\x5c\x8d\x08\x23\x28\x20\xe1\xd8\x65\x5c\x1f\x60\x08\x87\x04\x51\xdf\x7b\x44\x21\xf9\x2b\x0e\x5d\x05\xf9\x71\x30\x0c\xb1\x43\xd0\x5d\x48\xc7\xe8\x61\xab\xbb\x27\x05\xb8\x8d\x7d\x99\xcf\x2d\x41\x21\x19\xd3\x07\xe2\x20\x7c\x17\x91\xec\x03\x1a\xf2\x16\xde\x85\x84\x8d\x90\xeb\xb3\x08\x7b\x9e\x06\xe3\xb3\x0f\x6f\xcd\xe2\xc9\xaf\xc1\xa6\x03\x68\x59\x56\x6b\x05\xa9\xa4\x62\xfd\xee\xfa\x8e\xeb\x0f\x1b\xa8\x4e\xd4\x23\x17\xe4\x4e\xbc\x4e\xba\xa2\xa6\x48\x9e\xcc\xa0\xcf\x19\xb3\x66\xf1\x2d\xef\x47\xde\x66\x4b\x7d\xa4\xce\x3d\x0e\x25\xf4\x57\x7c\x87\x32\xa9\x71\x80\xc4\xd9\x06\x7b\x64\x11\x19\xf3\x6c\x5a\x55\x51\xa4\xcc\x0a\x91\xb9\x1c\xa8\x29\xfb\xf4\x44\x7c\x47\xa9\xc7\xc4\x77\xf2\xca\xb1\x18\x03\x3e\x39\x5d\x86\xa4\x46\xfd\x0d\x07\xc8\x65\x28\x56\xca\x4f\x32\xe4\x5c\x7b\x66\xc4\xbb\xb3\x04\x4e\x39\xc9\xca\xd3\x27\x5a\xa6\x01\x27\x19\xe5\x87\xf7\xa1\x56\xc1\x95\x05\xd5\x75\x4a\xfa\xdd\x3b\x74\x45\x11\xf1\x85\x06\x24\x74\xb2\x0d\xc4\x48\x84\x22\xde\x88\x88\xa2\xeb\x64\xeb\x10\xf1\x77\xd7\x1d\xf4\x1f\xd8\x77\xfe\x43\x24\xc1\xc8\xa7\xbe\xf5\x6f\x12\x52\xf4\x80\xbd\x58\x6e\x02\x44\x16\x28\x24\x81\xe7\xda\x98\x25\xab\xcc\xa3\x3f\xbb\x08\xfd\xc9\x57\x9b\x4d\xc7\x63\xde\x73\x31\xe3\xaa\x98\x4c\xee\xde\xa1\x47\x1a\xa3\x11\x7e\x20\x68\x4c\x43\x82\xa2\x11\xf6\xd1\x6e\x4f\x02\x45\x17\x1d\xde\xd2\x07\x82\xfa\x3d\xf5\x80\x6f\x21\x5c\x95\x37\x61\x8c\xf8\x91\x8b\x3d\xb1\x30\x45\x25\x6f\x94\xaa\x70\x23\xbb\xe4\xba\xe3\x53\x9f\x5c\x77\x14\xc8\xa5\x43\xc0\xe1\x4b\x75\xbc\xb2\xb4\xf3\xf6\xc6\x4c\xe2\x99\x6c\xf5\x4d\x62\x83\x47\xd7\x9d\x5b\x37\x74\x78\x2e\xa6\x7c\xbe\x5d\x7d\x57\x1f\xf3\x29\x62\xf1\x06\x75\xf9\x33\x3e\x53\xd4\xdf\x3e\x91\x8f\x7a\xe2\x21\x5f\xd8\xd1\xe8\x66\x1c\xc5\x3c\xeb\xa7\x27\xfe\xea\xf9\xf9\xba\x23\x93\xab\x39\x26\xfe\xe9\x31\x62\xf8\xa2\xbf\xb3\xd3\x2b\xa4\xce\x2b\x3a\x4a\x6e\x16\x10\x3c\x4a\x27\x19\x87\x37\x82\xed\x91\x44\x70\x24\xbe\x63\x01\xb1\x5d\xec\xc9\x8c\xc4\x90\x32\xae\xc9\x8a\xa9\x20\xf3\x41\x3f\x5d\xcf\xe3\xa8\x89\xe3\x88\x72\x49\x60\x63\xcf\x7b\x44\x01\x0d\x62\xbe\xe5\x74\x64\xd7\xf9\xee\x8d\x2a\xfe\x46\x7e\x76\x80\xfe\xdb\x92\x90\xf5\x94\x20\xd7\x75\x87\x8f\xce\x75\x87\x37\xe6\x7e\x9f\x59\x01\x75\x2c\xf5\xd1\x75\x67\x23\x4b\x65\xfb\xc9\x9c\x97\x69\x85\xdf\x7f\x2e\x85\x54\xe9\x18\x7f\xfd\xcf\xe4\xa9\x56\x90\x4c\x14\x3d\x06\xaa\x30\x39\xb0\x5a\x0e\x32\x81\x47\x87\x37\x1e\x79\x20\x9e\x4c\xf5\xe7\xe1\xc5\xd9\xe9\xd9\xa7\x52\x32\xbe\x6c\x84\x80\xbc\xc9\x72\xcc\x0e\x19\x4b\xc9\x79\xe7\x66\xed\xbc\xb9\xf9\xf2\xfd\xf7\x93\x8b\xb3\x93\xab\x93\xcb\x9b\xb3\xf3\xe3\x93\x9b\xb3\xc3\x6f\x27\x37\x37\xa5\xcf\xc6\x51\xcc\xbf\xb8\xb9\x39\x3a\x3b\xbd\xf9\x76\xf5\xfd\xe6\xa6\x90\xc0\x0d\xf0\x98\xa7\xc8\xb5\x32\xdf\x4e\x0e\x2d\x96\x30\x10\x14\xb2\xe7\xc9\x58\x7c\xeb\x93\x48\x26\x8c\x19\x19\x50\xe7\xc8\x75\x42\xb9\x46\x92\xdf\x73\xa1\x4c\xa9\xe6\x1b\x4a\xcd\x97\x7b\xbf\xcf\xea\xf3\xd1\xbb\xcb\x98\x17\x4f\xa0\x00\xac\xa3\x56\x07\xdf\x10\x1d\xdd\x0d\xe5\x0a\xd1\xb2\xce\xfe\xd0\x4b\xa9\x1c\xfb\x80\x86\xd1\x18\x07\xa5\xfe\x66\x3e\x16\x9d\x11\x85\x31\x29\xbc\xb2\x71\x80\x6f\x5d\xcf\x8d\xdc\xa4\xbe\x22\x97\x6f\x38\x08\x5c\x7f\xc8\x92\xaf\xf4\x9a\x24\xff\x54\xe2\xff\x59\x09\x86\x54\x34\x8c\xb1\xef\xde\x11\x16\x25\x4b\x91\x69\xc6\x90\x4d\xb1\x6d\xb4\x93\x03\xca\x0d\x84\x19\xfa\x49\x3c\x4f\x58\x50\x98\x8e\x59\xd9\x6e\x86\x49\xa3\x44\x6e\xc1\x23\x2a\xca\x13\x2b\x7c\x8c\xb9\xc8\x15\x89\x78\x0a\x12\xca\xbd\xa9\xeb\x23\xac\xef\x34\x95\x0e\x99\x0a\x9e\xd4\x7c\x93\x17\x3c\xe4\x57\x44\x7c\xa1\x73\x35\xb7\xb4\x54\x8b\x21\x84\x3c\x7c\x4b\xbc\x44\xc3\xe1\x48\x80\x83\xa0\xa8\x12\x04\xc4\x16\x09\x18\xf1\x88\x1d\xd1\x50\xa5\x1e\x73\x85\xf0\xab\xfe\x7d\x55\x0e\x48\xe9\x49\x97\x51\x88\x23\x32\x7c\x3c\x50\xf6\xaf\xee\xf7\xdc\x63\x09\xba\x28\xa2\xff\xc0\x63\xaf\xf8\x12\xfd\x37\x72\x7d\x87\xf8\x11\xda\x91\xe9\x38\x34\x3f\xab\xd1\xe6\x73\xec\x00\x5d\x50\xcf\x73\xfd\xe1\xf7\x54\xa9\x46\x28\xd4\x1f\xa5\xb5\x1c\xe3\x5f\x9a\xe5\xe1\x00\xf5\x35\xcd\x02\xa1\xc4\x82\x97\x34\x53\xef\x5d\xfe\xf3\xf2\x4d\xae\x6e\x34\xff\x69\x26\x08\xed\x0b\x39\x15\x37\x10\xf6\xa8\xcf\x51\x3d\x1a\xc9\xb9\x15\xba\x02\xd3\x0f\x1d\x87\xfa\xec\x9c\xeb\xd3\x11\xf5\x88\x92\x1e\x42\x8e\x6f\xe8\x99\x8c\x71\x78\x2f\x67\x65\x40\x1d\x3e\x41\x31\xb2\x55\x16\x08\x3b\x8e\x45\xfd\x0d\x44\x7c\x16\x0b\xb3\x8b\x1b\x71\xed\x9e\xe9\xdf\x07\xa1\x4b\x43\x37\x7a\x44\xcc\x1e\x11\x27\xe6\x3d\x25\xe6\x69\x34\xc2\x11\x72\x23\x96\xe9\xce\x42\xc1\x0f\x89\xb0\xc1\x3b\x7a\x16\xee\x1d\xcf\x98\x3c\x90\x50\xe4\x8e\xc8\x83\x6b\x27\x92\x48\xfe\x54\xde\x24\xec\x0a\x73\x6b\x37\x03\x20\xae\x0d\x27\xf5\xe5\x12\xe8\x00\xfd\xf6\x9b\xfc\x2e\x9d\x72\xa2\x0b\xef\xee\x5c\xdf\x8d\x1e\xb5\xfe\xe3\x3d\x7c\x58\x7e\x8c\xc4\xf6\xc3\x0d\x89\x73\x2c\xda\x7c\x99\x36\xeb\x74\xe8\xd3\xf4\xf1\xc9\x2f\x62\xc7\xbc\x4b\x0f\xf2\xe8\xc7\x73\xbd\x54\x73\xfc\x8a\x84\x63\x76\x50\x44\x47\x4b\x4e\xfa\x93\x5f\x41\x48\xe4\xce\xa7\x94\x84\x27\xba\x27\x8f\x07\x88\x2f\xce\x42\x63\x29\x2b\xa7\x46\x88\x06\x7c\x84\x69\x78\x80\xce\x68\x74\xea\x9b\x92\x48\x6d\xc0\x50\x96\x2c\x4f\x45\x0f\x25\xaf\xb9\xec\x51\x86\x2b\x09\x8f\xc9\x72\x3b\xd3\x1a\xf8\x9c\x02\xa5\xde\xec\xb4\x88\xa7\x27\x14\x62\x7f\x48\xd0\xdf\xef\x37\xd0\xdf\x1f\xd0\xc1\xc7\xfc\xe7\xe8\x59\xc3\xdc\xa7\x27\xf4\xf7\x7b\xf4\xfc\x2c\xc5\x05\x4f\xae\x8b\x8a\xa7\x27\xa1\xab\xab\x55\x9b\xac\x32\xfe\xcb\x26\x77\x7e\x71\x7c\xc3\xf7\x04\x31\xae\xdd\xe9\x36\x6a\x31\xbf\x92\xd9\xe4\x70\x0d\x8a\x2b\x52\x52\x47\xcd\xbe\xb6\x10\xb9\xbb\x23\x76\xc4\x7b\x53\x8d\x3f\xd1\xfb\x2d\xeb\xed\x93\x5f\x2e\xcb\xaf\x87\x6f\x38\xbc\xaf\x5d\x4e\x42\xc7\x0e\x49\xb6\x5c\x72\x05\x8b\x61\x2f\xaf\xe1\x66\xa5\xeb\xf5\x96\x13\xb4\x51\xb5\x59\x6e\x73\x76\x66\x02\x7f\xd5\x36\xd7\x77\xc7\xee\xbf\x09\x72\xe8\x4f\x3f\x72\xc7\x04\x39\x12\x17\x70\x02\x92\xfa\xee\xdb\x21\x1e\xe1\xe3\xf2\xbf\x51\x44\x3c\x4f\x97\x53\x11\x45\x0e\x45\x18\x5d\x77\xee\x68\x68\x6b\x05\x24\x9f\x70\x99\x3c\x8a\xa2\x80\x1d\x6c\x6e\xe6\xa7\xbf\x43\x6d\xb6\x69\x53\xdf\x26\x41\xc4\x36\xf9\xf4\xf4\x28\x76\xd8\xa6\xb0\xe4\x05\xd4\xd9\x7c\x17\x91\x70\xec\xfa\x62\x46\x58\xf4\x8e\x63\x42\x36\xb4\xda\xbb\x4f\x21\xb6\xc9\x80\x84\x2e\x75\x2e\xb9\xae\xe2\xb0\x03\xd4\x4b\xd2\x71\x50\x48\x5d\x8c\xca\xa0\x9b\x49\xf7\xbc\x02\xa0\xc9\xf5\x5b\xd7\xc7\xa1\x66\xed\xe2\x9f\x72\x58\x2c\x2b\xf6\xe8\xce\xf5\x48\x5e\x97\xd7\x47\x54\xca\x62\x55\x8c\x65\xfb\xae\x3e\xa2\xee\x18\x0f\xc9\x01\x7a\x7a\xea\x1e\x9d\x9d\x9e\xf2\x3f\xf4\x25\x85\x10\xdf\xa9\x61\xae\x09\xfc\xf3\xba\xb3\xa9\xe5\xd1\x65\xa3\xd4\xb6\x21\x7f\xc4\x7f\x28\x40\xc3\x3b\xc4\x67\x02\xa2\x77\xb2\x69\x67\xa7\xb9\xfa\xf2\xad\xb0\xb0\x63\x74\xf3\x5f\x25\x15\xe6\x6a\xef\xd1\xf9\xd9\x1f\x42\x3f\x2e\x62\x8e\x80\x22\xb1\x07\xea\x59\xca\xda\xc2\xf3\x16\xb6\xa2\x4e\xb1\x16\xe6\xed\x50\xe5\x3e\xa8\xba\x3a\x67\x27\x57\x7f\x9e\x5f\x7c\x11\xd5\x3a\xfd\x64\xac\xd3\x1f\x21\x1d\x1b\x10\xd2\x4e\x36\xf0\x5f\xc8\x63\x62\x33\x29\xfe\x2a\x36\xef\xc5\x9f\x58\xdf\xe5\xed\x55\xb1\xd1\x97\x62\xff\x4e\x04\x0c\xf3\x9c\xd1\x2d\x66\x12\xaf\xf8\xd3\xfb\x7d\x26\x15\x40\xfe\xaa\xa2\xc5\xa6\x7d\x4a\x9b\x36\xdf\xb9\xc4\x73\xaa\x1a\x2b\x5e\x0e\x70\x34\x3a\x10\x62\xb6\xcb\x2b\xc3\x67\x4b\xb1\x19\x7c\xdc\xf8\x8e\x59\x1d\x4e\x3e\xe0\xd0\xe5\xda\x52\xf5\x18\x7d\xbb\xfa\xfe\x92\x03\x93\xec\xcf\x8b\xed\x18\x84\xe4\x81\xf8\x91\x52\xf3\xd3\xc5\x2f\x6c\x92\xcc\x23\x84\x6f\x24\x38\xae\x73\x1d\xa6\x62\x3c\x2e\xbf\x9e\x9c\x0c\x2a\x17\xc2\x1d\xf6\x18\xc9\xcf\xfd\x07\xea\xc5\x63\xf2\x4d\x1c\x95\x1c\x14\xf3\x1c\xf3\xc7\x72\x00\x36\xf9\x1c\xd9\xa4\x41\xb4\x69\xfb\xee\xe6\xad\x5b\x12\xfe\xaa\x03\x7c\xd7\xba\x75\x7d\xcb\x71\xc3\x89\x99\x91\xc8\x16\x99\xf9\x24\xea\x3a\xd5\xd9\xf9\x24\xd2\xb3\xb3\xcd\x80\x79\x11\xfb\xcc\xbc\x35\x4a\x17\xae\x26\x1a\x52\x5b\x86\x9b\x83\xce\xec\x9b\x20\xa4\xc3\x10\x8f\x59\x8a\x07\xea\xec\x8a\x83\x6b\x48\x63\x9e\x87\xca\x56\xff\x9e\x37\xcb\x00\xab\x06\x29\x87\x72\xb0\xca\xd5\x15\x03\xae\x9a\xd0\xf2\x3b\x23\x7a\x43\x0e\x07\xa7\xc9\x76\xef\x16\xdb\xf7\x7c\x82\xa4\x96\x87\x8a\x29\x72\x7c\x78\x75\x78\x79\x75\x7e\x71\x72\x73\xf5\x8f\x41\x35\x68\xea\xbb\xef\x12\x58\x0a\x63\x1c\x8b\x03\xbe\xc3\x3d\x40\xa9\x47\xaa\x38\xf0\x13\x38\x9e\xac\x98\x8a\x3a\xfc\x71\xf2\xf5\xf4\x3f\x79\xf9\x9f\x0f\xbf\xec\x5f\x5e\x9e\x5c\xfc\x38\x3d\x3a\x69\x8b\x1d\xf3\x5e\x96\x65\x9b\x60\xb1\xdd\x7f\x62\x37\x4a\x3d\x18\x26\xf5\xf3\x9f\x87\xa7\x57\x37\x7f\x9c\x5f\xdc\xa4\x1d\x5e\xd9\xd7\x42\xf3\x2d\xf5\x32\x47\xe7\xd6\x80\xcc\x51\xf8\x65\x40\x78\x44\x29\x23\xe9\x4c\x2c\x58\x49\xcb\x15\x3d\x3a\xfc\x7a\x7a\x74\x9e\x88\xcb\xd3\xb3\x4f\x37\xbf\x1f\x1e\x7d\x39\x39\x3b\x7e\x51\x91\x99\x33\xe6\x96\x9a\x28\x0d\x1f\x62\x0f\x2f\x34\x03\xbe\xc9\x77\xef\xe4\x94\x77\x48\xe0\xd1\xc7\x31\xdf\xf6\x0b\x3b\x92\xb9\xd1\x5f\xbf\x5f\x5e\x9d\x5c\x4c\x58\x79\xfb\x6c\xe3\x76\x18\x94\x27\xc4\x61\x1c\x51\xcb\x21\x11\xb1\xa5\xd8\xfe\xfd\xd3\x00\x9d\x0e\xb8\xc2\xcf\xf7\x78\x15\xfd\x7c\x5a\x2d\x0e\x70\x1c\x51\x99\x5d\xb9\xac\x13\x69\xe8\x3f\x1d\x14\xbf\x2f\x8c\xdf\xe9\xe0\xc7\xce\xe0\xfc\xfc\xeb\x4d\x39\xa5\x56\xd2\xa1\xf7\x13\x3f\x1a\x80\x84\x4f\x71\x2e\xb9\xc5\x9a\x8a\x7d\x9f\x78\xc8\x21\xc2\x87\x44\x9c\x84\xf0\x2d\x7b\xe0\x8a\x93\x11\x79\xf0\xe0\xd4\xc1\xc9\xe9\xe0\xf4\xec\x74\xb0\xa2\xb2\xfd\x4a\x4c\x11\xe1\xae\x8f\x4e\x07\x0f\x3b\x28\xa0\xd4\xcb\xf4\x5b\xed\x5c\x58\x9c\x01\x50\x9f\x20\x22\xb6\x4f\x5d\x34\xa0\x8e\x70\xa9\x51\x26\xf5\x62\xce\xf6\x88\x32\xe2\x4b\x2d\x41\x58\xe0\xc5\x6e\xb8\x8b\x8e\x46\xd8\x1f\x72\x81\x20\x1e\xca\x83\x17\x79\x76\xa9\x1f\x1f\xc9\x5c\x47\xf8\xa1\x94\xaf\x4f\xd5\x3e\xaf\x2b\x77\x23\x6c\x44\x63\xcf\x41\x77\x5c\x17\xfe\xe9\x46\x23\xd7\x47\x96\x95\x44\xda\xd8\xae\x53\xa5\x92\x14\x27\xca\xd1\xe9\xf1\x45\xe5\x44\xe1\x7b\x0c\x99\x25\x4f\x56\x34\xe3\xf2\x6a\x1d\xbb\x4c\x3a\xe1\xf0\xfd\x81\x47\x87\xa2\x89\x8c\x0a\x6b\xa1\x1d\x79\xfc\x11\x13\xe6\xcb\xaa\x05\xa1\xea\x73\x7c\x7a\x79\xf8\xfb\xd7\x93\x9b\x3f\x4e\xbf\x9e\xdc\x7c\x3d\xff\xf4\xe9\xf4\xcc\xac\xad\xd7\x03\xf4\x1f\xc4\x73\x7f\xa5\xbe\x53\x7c\x40\xb9\x12\x90\x0e\x35\xb6\x93\xe3\x94\xc3\xa3\xa3\x93\xc1\x55\xad\x3c\x3c\x3e\xf9\xe3\xf0\xfb\xd7\xab\x93\xb3\xe3\xc1\xf9\xe9\xd9\xd5\xd5\xf9\xe7\xf3\xcb\xab\xc3\xa3\xab\xd3\xf3\xb3\xea\x95\x25\xb2\xad\xee\xa6\xd3\xc1\xc3\x1e\x9f\x5c\x99\xce\x50\x5b\x85\xd3\xc1\x8f\xbd\xcb\xef\x83\xc1\xf9\xc5\x55\x1b\x2d\x32\x37\x30\xa2\x47\x92\x91\x89\xa8\x18\xa9\xba\x32\xbf\x9e\x7f\xe2\x83\x30\x38\xbc\xfa\x5c\x59\x66\x76\x32\x37\xb9\x48\x0e\x26\xec\x91\x79\x74\x38\xa1\xd4\xcb\x93\x1f\x27\x17\xa7\x57\xff\xb8\xfc\xc7\x65\x65\xc1\x95\xc8\x58\x6a\x26\x8b\x1c\x1a\x47\x4d\x8b\x3c\xba\x38\x39\xa9\x1e\xd5\x3f\x71\xe8\xbb\xfe\xb0\x58\x78\x3e\xbb\xcf\x27\x87\x5f\xaf\x3e\x9f\x9c\xf1\x69\x6c\x96\x9a\xe6\xa9\xcb\x88\x1d\x87\x6e\xf4\x78\x44\xfd\x88\xfc\x8a\x0a\x90\x97\xf9\xcf\x27\x16\xb9\xec\x5d\xd9\x41\x21\x79\xfe\x57\x4c\x58\x69\x03\x81\x90\x1d\xc4\x07\x68\x6b\xb7\x37\xd6\x5f\x78\xee\x03\xf1\x09\x63\x83\x90\xde\x92\xc2\x27\xa3\x28\x0a\x3e\x91\x62\x9d\x10\x0a\xe4\xbe\x21\xf9\xb4\xf4\x5a\xe8\xa1\x1f\x7a\x1f\x3e\x14\xdf\xf0\xd5\x78\x80\xc4\xf1\x16\xff\x67\xa1\xad\x79\xc3\x4c\xbf\x97\x7f\xed\xfa\x6e\xe4\x62\xef\x98\x78\xf8\xb1\x32\xd1\x1d\x76\xbd\x38\x24\x57\xa3\x90\xb0\x11\xf5\x9c\x03\xb4\x97\xef\x32\xec\xb8\x55\xad\x25\xbf\x34\xe3\x71\xda\x67\xca\x9a\x52\x7c\x6e\x21\xbe\xed\xda\xac\xd8\x4c\xc8\x14\xd6\xad\x1b\x3a\x16\x2f\xf3\xd1\xf0\x52\x4c\x59\xd3\xdb\xda\x7e\x68\xbc\x43\xf4\xdc\xdb\xcd\x31\x75\x62\x8f\x94\xc6\x47\x4e\x5b\xcf\xbd\xb5\x2a\x12\xf0\x4a\x9d\xfb\xde\x63\x79\xce\x15\x4b\x09\x63\x7f\xf3\x57\xc4\x97\x20\xeb\x7a\xd4\xbe\x37\x17\xa5\x52\x58\xa6\x14\x59\x59\x12\xc9\x6a\x0a\x7b\xc0\xa1\x28\x50\x9d\x05\x1b\x8b\x7a\xc0\xa1\x15\xc6\xbe\x65\x4e\xd3\xb2\x30\xde\x87\x93\x0a\xe3\xdd\xd8\xaa\x30\x39\x82\xf9\xfd\x72\xe2\x9e\xa9\x6d\x99\x0d\x3b\xd7\x8a\x11\xe3\x2b\x49\x54\xba\x30\x8d\x6a\xe6\x81\x35\xb1\xb7\xea\x33\xad\x1a\x09\x6b\x62\xc7\x4c\xce\xd7\xd4\xe9\xd6\x84\x89\x54\x9f\x6b\xfd\x24\x95\x67\x80\x7f\xb8\x1e\x39\x0f\x8f\x72\x6e\x5a\xba\x03\x74\x62\x77\x3c\x3a\x3b\x35\xd9\x14\xcc\x86\x96\xfa\x6a\x19\xcd\x37\x56\xb5\xad\x65\x72\x8e\x05\x1b\xce\xb5\xff\x0e\x1d\x29\xef\x47\xcf\x93\xa6\x80\x98\x45\x74\x7c\xa1\x24\xc7\x31\x11\x47\x61\xc2\x13\xcf\x4f\x3d\xae\xc5\x67\xd2\xaa\xad\xd9\x59\x32\x6f\x65\x34\x96\xd3\x53\x1d\x8f\xeb\xa7\xcc\x38\x70\xb3\x83\xe6\x2a\xc7\xb5\x8a\x2a\x14\xce\xa3\x55\x3f\x18\xfc\x27\xbb\x66\xbf\x3d\xed\xbc\xd9\xa6\x7c\x48\x95\xea\xca\x9f\x0c\xa5\x1b\x59\xc5\x87\xc2\x5d\x2f\xf3\xcf\x52\xc7\xde\xc9\xd9\xb6\xa8\xb4\x50\x2c\x8f\xf4\x6a\xc8\xb7\x81\x17\x87\xd8\x33\x56\x53\x26\x60\xae\x3f\x8c\x3d\x1c\x9a\x92\xa4\xce\x67\x0b\xea\x42\xd9\x83\x89\x63\xe2\x4b\x74\xdb\xef\x9f\x06\x03\x42\xc2\x7c\x5f\xe5\x3d\x25\xb3\x0e\x52\xcf\xd3\x5e\x59\x7c\xbf\xbc\xfc\xbc\xfa\xfd\xd3\xa0\x66\x56\x55\xb8\x9b\xe6\xba\xcc\x3c\xa3\x16\xdc\x77\xca\xcd\xf9\x25\x7a\xec\x74\x30\xa0\xd4\xcb\xf7\x53\xce\xeb\x3a\xeb\x1d\xf9\x78\x59\x7d\x92\x73\x5e\x7f\x89\x9e\xf9\x4c\x59\x74\xa2\x2a\x90\xef\x1f\x83\x5f\x7d\xd6\x4b\xfa\xcb\x65\xf5\x95\xc1\xf1\xfd\x25\x7a\x4c\xe5\x75\x9a\x55\x23\xdf\x6f\x95\xfe\xf9\x59\xef\x95\x93\x2c\xab\x0f\x8d\xc1\x19\x2f\xd1\x8b\x9f\x44\x45\xf4\x88\xa7\xc7\x7c\x37\xd6\x84\x91\x64\x1d\x59\x4e\xf4\xf8\x22\x3d\xc9\xc8\xcb\xac\xde\x5c\x2f\x5e\x92\xa8\xa6\x0b\xb3\x50\x9b\x8a\xee\x63\x64\x69\x2b\x79\xca\xf9\x77\x96\x38\x16\x3a\x73\xe9\xbc\x9a\xc9\x37\x61\xda\x99\x27\x5c\xd1\x65\xdf\x1c\xd0\x30\xbd\xff\x24\xff\x9f\x70\xad\xf2\x09\xea\x1e\x79\x34\x76\x06\x21\x7d\x70\x1d\x12\xa6\xd6\xb5\xe7\xc4\x01\x75\x9a\x78\x02\x61\xb8\xd5\x72\x7d\x7e\xb6\x12\x61\xd8\x20\xb6\xa0\xf2\xeb\xcc\x21\x5c\xaf\x43\x69\xc8\x36\x1f\xb6\xab\x24\x76\xc9\x29\x52\xd7\x27\x2c\x37\x70\x03\xab\xaf\x86\x48\x77\xe5\xb3\x5d\x27\x54\xad\xd2\xcd\xd1\xea\x2d\xff\xec\x1b\x75\xc8\x01\x52\x27\x1b\x69\xde\xd1\x79\x1c\x0d\xa9\xeb\x0f\x13\x4b\x46\xcd\xe8\x0e\xa8\x53\x33\xa4\x76\x54\xdb\x77\x69\x6d\x0d\x3e\x74\xc2\x52\x17\xe1\x30\x92\xd3\xf3\x00\x9d\xfb\x7f\x48\x33\x15\x7f\x57\xf4\x65\xab\xf4\xe7\x32\x79\x72\x55\x3b\xad\x99\x52\x17\x0e\xeb\x2d\x53\x03\x73\xfe\x45\xc9\x8b\xa4\xab\x73\xae\x45\xb7\xae\xbf\xc9\x46\xd7\x9d\x0d\x74\xdd\xb1\x6c\xf9\xdf\x34\x2b\x84\x83\xc0\x7b\x44\xd6\x5d\xf5\x64\xea\x3e\xe2\xb1\x97\x7a\x24\x65\xa7\xeb\xf5\x27\xe3\xca\x92\xaa\x9d\x87\x8b\x17\x06\xb3\x98\x95\x9f\x5b\xf9\x93\xa2\x9c\x0d\x8b\xd2\x68\x53\xc0\x8c\x66\x99\xa9\xf9\x3a\x3d\xa4\x2a\x4c\xe2\xda\x45\x27\x7a\x36\x22\x39\xdf\x50\xe5\xf9\x37\xf1\xbb\x6c\x87\x3f\xa1\x33\x45\x04\x88\xe8\x04\x19\x00\x42\x10\x89\x6c\x07\x5d\x7d\xbd\x44\x8c\xd8\x21\x97\x6c\x9a\x2f\x65\x8e\x75\x4c\xd1\x11\x34\xe2\x18\x50\x01\x53\x97\x42\x3e\x24\xf3\x67\x33\x71\x7f\x66\x9b\x22\x5a\x4b\x56\x68\x12\xf1\x40\xf1\xe2\x05\x3e\xc5\x02\xea\x13\x7f\x12\xfb\x40\xe9\xc3\xa5\x32\x11\x14\x4b\xcf\xb3\x12\x9c\x89\x68\x27\x1c\x12\x19\xfb\x28\x0d\x48\x2a\x86\x58\xb4\x3c\x71\x79\x9c\x22\x7a\xb9\x26\x06\xb3\x26\x90\x3f\x0d\xd0\x7c\xc7\x61\x4e\xd6\xed\xaf\x98\x88\x80\xcb\x88\x22\x7b\x44\xec\x7b\x51\x33\x71\xca\x49\x7c\x7b\x8a\xe8\xd0\x2c\x16\xbc\x22\x38\xf4\x1d\x3a\x1d\x1c\x7e\x2b\xf8\x86\x8f\xb1\xef\xaa\x28\x24\xf4\x73\x44\x7c\x15\x2a\xc6\x5f\x89\x5e\x52\x2e\xe1\x73\x8e\xcc\xad\x0a\x40\x9f\x43\x84\xa8\x47\xed\x7b\xe5\x79\x9e\x0b\x7c\x76\x03\x3c\x16\x2f\x0b\xcf\x46\xd8\x77\xbc\x29\xc2\x6a\xab\x43\x82\xe5\xdf\xb2\xf7\xd4\x84\x14\xbc\x18\xd8\xb6\x09\x13\x8e\xb8\x2a\x0e\xda\xb4\x0b\x9b\x4f\x2f\x34\x0e\x6c\xce\x35\xb0\x36\x48\xb6\x3a\xea\x75\x91\xab\x7a\x11\x01\xb3\xe5\x62\xda\x07\xcf\x96\xf3\x58\x4e\x20\xad\x82\x7e\x60\x93\x01\x36\x19\x60\x93\x01\x36\x19\x60\x93\x01\x36\x99\xc6\x6c\x32\x26\x0d\x68\x01\x0c\x33\xc6\xd4\x40\x3b\x03\xb4\x33\x40\x3b\x93\x1b\x40\x73\xaf\x24\x81\xb0\xa2\x43\xb4\xd8\xb6\x88\xf2\xa4\x7c\x44\xe5\x2e\x0e\x7b\x1e\xb5\xe7\xdb\xc8\xd5\xdb\x39\xcd\x63\x61\xe2\x71\x0e\x34\x2b\xf7\xc6\xbf\xf3\x16\xa2\xac\xfd\x12\x45\xb0\xc7\x28\x9f\x77\x62\x36\x0b\x05\xe5\xf6\x51\xac\x33\x39\x40\x22\xf8\x05\xe1\xe1\x30\x24\xc3\x6a\xa1\x3b\xa7\xb1\xa8\x54\x0f\x94\x64\x95\x93\x45\xcc\x8e\xb1\x3b\x54\x28\x90\x53\xa2\xe5\x2d\x91\xe2\x84\xc5\x30\xfd\x6c\xec\x2b\x87\xea\x77\xe9\x3a\x13\xde\xd7\x91\x5a\x68\xc2\x9d\x94\xaf\x4d\xec\xe7\xbd\xa6\x25\x29\x4d\x46\x9d\x21\x2a\x61\xec\x0a\x1c\x04\xac\xb6\xe5\x59\x15\x6b\xc6\x0b\x58\x9b\x96\xcb\xda\x34\xc9\xe0\x98\x0b\x06\x48\x2d\x8f\x6b\x47\xe8\x24\x49\x95\x18\xdf\x1e\x89\xf0\x8a\xa9\xb8\x91\x80\x14\x09\x48\x91\xf2\xa4\x48\x5c\x11\x5b\x33\x46\x24\x53\x33\x2d\x99\x56\x4f\x08\x5c\x47\xf3\xe5\x3a\xaa\x81\xd8\x7b\xc7\xb1\xec\xd0\x61\x0a\x5d\xc1\xe9\x73\x7a\xa7\xcf\xc5\xbb\x7c\x66\x1a\xf3\xcb\x78\xe8\x1d\x7e\xfb\x3d\xf3\xb3\xce\x9c\xf4\xf2\x6a\xbc\xee\xa7\xa7\xde\x2c\xc5\x1d\x36\xaf\xda\xbe\x88\xd3\x27\xaf\x42\x42\x43\x94\xef\x24\xa3\xe2\xad\xf9\x7b\x6a\xaf\x1f\x97\x35\x93\xd4\x3e\xeb\xa5\xa6\xd2\x67\x51\x7c\x79\x2e\xe5\xb6\x7f\xf9\xc9\x34\x52\x9f\x2c\xa7\x7f\xd4\xfe\xee\xa5\xfa\xe7\x48\x73\x4d\xd0\xfb\x27\xb7\xed\xcc\xf7\x4f\xa2\x96\x82\xf3\x79\xd9\xf9\x7c\x29\x7d\xf2\xf2\xb2\x6d\xee\x8e\xe7\xcb\x58\x6b\xeb\xe4\x74\xbe\xf8\xfe\x78\x1d\x0e\xe7\x8b\xef\xa7\xd7\xed\x6c\xbe\xf8\xfe\x7b\x0b\x8e\xe6\x4b\xee\xc5\x57\xe3\x64\xbe\xf8\x7e\x7b\x65\x0e\xe6\x4b\xeb\xb0\x36\x53\x6c\x31\x9d\x55\x9a\x5f\x35\x33\xab\x34\xa7\x26\x5b\x7b\x85\xb1\x2f\x67\xeb\xad\x63\x68\xb6\x1a\x30\x34\x03\x35\x33\x50\x33\xa3\xfa\x46\x23\xa0\x66\x9e\x07\x35\xb3\x91\x3a\x18\x99\xa9\x8f\x0f\x90\xe7\xfa\xf1\xaf\x24\xd5\x62\x08\x86\xe5\x03\x63\xf0\x06\x02\xc2\xe1\xd9\x08\x87\x27\x85\x13\xa8\x39\x35\x89\x90\xb8\xc0\x01\x0d\xcc\xc4\x06\x66\x62\xe5\xa2\xc1\xf2\xae\x2c\x85\x83\x71\x71\x02\x9a\x1d\xa9\x74\xf5\xfc\x4e\x23\x75\x0c\x9f\x78\xdf\x73\x34\x10\x87\x66\x2e\x9f\x65\x65\x17\x97\x0d\xde\xb7\xfa\x45\x30\xd8\x2b\x50\xda\xbc\x4b\x2a\x93\x9c\x49\x56\x14\x9e\x44\xdc\xa8\xd4\xf2\xb8\x47\x9b\x58\xad\x78\x8f\x35\x6e\x8d\xcd\xdc\xf1\x91\x88\x56\x52\x45\x4c\xa4\x43\x5e\x21\x5e\xdd\x35\x25\x6a\x6c\x4c\x57\x94\x32\xbf\x48\xfa\x12\xa1\x0c\x16\xcb\xcb\xcc\x1e\x72\x36\x9b\x08\x52\x8a\xf9\xce\x40\x94\x3b\x81\xf7\x1b\x08\xbf\x81\xf0\x1b\x08\xbf\x81\xf0\x5b\x6f\x1d\x10\x7e\x97\x76\xda\x40\xf8\x9d\xaf\xcd\x1c\x08\xbf\x81\xf8\x1a\x88\xaf\x81\xf8\x1a\x88\xaf\x81\xf8\x1a\x88\xaf\x81\xf8\xba\xb2\x37\x34\x36\xe8\xc4\x09\xb6\xae\xcc\xe6\x7c\xd0\x93\xf3\x02\x32\xe8\xec\x35\x90\x41\x8b\x14\x40\x06\x0d\x64\xd0\xd3\x90\x41\x5b\x40\x06\x0d\x64\xd0\x73\x20\x83\xce\x5a\x91\x23\x88\x72\xdc\x50\x1c\x9b\x3d\x0a\xe5\xb7\x78\x52\xa0\x47\x79\x4a\xf5\x2b\xbf\x63\x17\xea\xb1\xa0\xed\x29\x44\xe8\x69\x19\xe5\x4f\x1b\xd2\x90\x5a\x2d\x9a\x56\xcf\x31\x09\xf8\x63\x52\x65\x24\xb9\xe3\x00\x01\xfb\x99\x99\xc0\xd0\xf7\xf5\xc6\xe1\x86\xf3\x2d\x67\x82\x5e\x0a\x1f\x60\x43\x97\x87\x22\xeb\x4b\xea\xfe\x70\x49\x48\x7a\x42\x35\x74\xa3\x51\x7c\xdb\xb5\xe9\x78\x33\xe7\xbe\xb1\x59\xe6\x8c\x99\xe4\x85\xa0\xdc\x16\xd2\x2d\x65\x3b\xf2\x9c\xa9\x7d\x14\x4c\x59\x95\x0f\xdd\xdb\x1e\x42\xa7\x07\xd0\x72\x17\x94\xe5\x2f\x66\xa3\x88\x06\x97\x07\x58\xc2\x2d\xc5\x23\x42\x69\x7e\x20\x72\xb1\x27\x8c\x58\x21\x09\x3c\xd7\xc6\x4c\x38\x18\x20\xc4\x32\xef\x87\x0c\x3d\x2e\x48\x16\x61\x3c\xc9\xf1\x60\x62\x17\x26\x89\xcc\xdd\x88\x9a\xf8\x2e\x98\xb3\x9d\xd7\x79\x3c\x1c\x8d\x9b\xeb\xbd\x9c\xa3\xf1\xf2\xd8\x16\x8e\xc9\x8d\xf6\x5a\xab\xd9\xbc\x43\xf9\xc3\xa7\x2c\x41\x43\x63\xa9\xb2\xc5\xfd\x1c\xb9\xf6\x08\xe9\x5c\x7d\x11\x45\x61\xec\x57\xec\x00\xd5\xae\xe9\xe6\xe8\xfc\xec\xea\xe2\xfc\xeb\xd7\x93\x8b\xaa\xfb\x80\xca\x8a\x76\x2b\x23\x6b\x91\x43\x52\xfe\xe6\xba\x2b\x88\x59\x28\x77\x06\x23\x62\xdf\x5b\x3a\x4d\x8c\x9e\xcc\x32\x85\x1d\x4c\x23\x66\xda\x60\xb0\x81\xfd\xd1\xca\x36\x98\x40\x04\x09\x44\x90\x40\x04\xf9\xca\xe8\x4c\x80\x08\x12\x88\x20\x81\x08\xb2\x62\x73\x06\x44\x90\x86\x42\x80\x08\x32\x1d\x29\x20\x82\x2c\x8d\x25\x10\x41\x16\xea\x0c\x44\x90\x40\x04\x09\x44\x90\x40\x04\x09\x44\x90\xaf\x6c\xe7\x04\x44\x90\x40\x04\x09\x44\x90\x40\x04\x09\x44\x90\x40\x04\x09\x44\x90\x40\x04\x99\x4b\x00\x44\x90\x40\x04\x09\x44\x90\x40\x04\x09\x44\x90\x40\x04\x09\x44\x90\x40\x04\x09\x44\x90\x40\x04\x09\x44\x90\x40\x04\x09\x44\x90\x8b\xea\x41\x20\x82\x04\x22\x48\x20\x82\x04\x22\x48\x20\x82\x04\x22\x48\x20\x82\x04\x22\x48\x20\x82\x7c\x1b\xd1\x2e\x40\x04\x09\x44\x90\x40\x04\xb9\x96\xc4\x45\xeb\x4c\x04\x39\x3d\x2f\x07\x50\x48\x02\x85\x64\xe1\x07\x14\x92\x40\x21\xf9\xb6\x29\x24\xd1\xd4\x80\x0a\xe4\x93\x40\x3e\x09\xe4\x93\x85\x1f\x90\x4f\x02\xf9\x24\x90\x4f\x02\xf9\x24\x90\x4f\x56\x75\x13\x90\x4f\x36\x1a\x4e\x20\x9f\x4c\x3f\x03\xf2\xc9\xc9\xfd\x00\xe4\x93\x40\x3e\x09\xe4\x93\x40\x3e\x69\xcc\x11\xc8\x27\x81\x7c\x12\xc8\x27\x81\x7c\x12\xc8\x27\x5f\xf1\x71\x3c\x90\x4f\x1a\xf3\x00\xf2\xc9\x29\xc8\x27\xf7\x9a\x31\x4e\x36\x23\x9b\x5c\x57\xba\x49\x60\x9a\x04\xa6\xc9\x57\xc1\x97\x02\x4c\x93\x53\x2d\xe8\x57\x41\x32\xb9\x36\xc4\x90\xc0\x09\x29\xbf\x01\x4e\x48\xe0\x84\x04\x4e\x48\xe0\x84\x4c\xde\x01\x27\x24\x70\x42\x02\x27\x24\x70\x42\x02\x27\x24\x70\x42\x02\x27\xe4\x62\x39\x21\x81\x0e\x12\xe8\x20\x81\x0e\x12\xe8\x20\x4b\x74\x90\x7d\xa0\x83\x04\x3a\xc8\x55\xa1\x83\x04\x4e\xc8\xe5\x72\x42\x02\x2b\x64\x05\x2b\xe4\x72\xfa\xe7\x35\x31\x43\x2e\x6f\x46\xad\x2f\x3b\xe4\xf2\xfa\x68\x7d\x19\x22\x97\xb4\xf2\xd6\x8e\x25\x72\x69\xfd\xf2\xf2\x12\x6f\xee\x4c\x91\xcb\x5a\x77\xeb\xc4\x16\xb9\x9c\x3e\x79\x1d\x8c\x91\xcb\xe9\xab\xd7\xcd\x1a\xb9\x9c\x3e\x7c\x0b\xcc\x91\x2f\xd0\x93\xaf\x86\x3d\x72\x39\x7d\xf7\xca\x18\x24\x97\xda\x69\x6b\xce\x22\xf9\xd6\xa8\x24\x71\x10\xb0\x46\x2e\x4e\xc0\x1f\x09\xfc\x91\xc0\x1f\x09\xfc\x91\xeb\x10\xb0\x92\xbd\x9b\x13\x93\xa4\x9e\xe1\x5b\xe5\x94\x4c\xd6\xf9\x91\x87\x19\x3b\xd3\x4e\x5b\x45\x1f\x59\xc9\x74\x48\x92\x03\x05\x25\x02\x0a\xca\xf5\xa4\x2f\x5a\x67\x0a\x4a\x20\x92\x04\x22\x49\x64\x9c\x2d\x40\x24\xa9\x37\x03\x88\x24\xdf\x14\x91\xe4\x3b\x74\xe8\x38\x5c\x19\xf8\xc3\x23\xbf\xd0\x0f\xd1\x00\x74\x1c\xba\x7c\xcb\x21\x36\x2a\x12\x32\x78\x8a\x80\x84\x5c\x41\x42\xdf\x7d\xf7\x17\x3a\xa6\x63\xec\xfa\xe8\x92\xda\xf7\x44\xc4\x19\x61\xcf\xa3\x3f\xd1\xb1\x7b\xcf\x77\xe1\x39\x0c\x15\x6e\x61\xe3\x71\xec\xbb\x36\x8e\x88\xdc\x8f\x49\x8a\x27\x2a\x4b\x21\x48\x9a\x72\xd0\xe5\xa3\x6f\xa3\xc3\x81\x89\x95\xe3\xce\x23\xbf\x1e\xa8\x67\x39\xa2\x6a\x66\x40\xe5\x4d\xf8\x41\xbd\xd3\xf1\x30\x0f\xa9\x95\xc3\x62\xce\xdc\x2a\xd3\x19\x95\xba\x3b\x5f\x0d\x60\xd5\x04\x56\x4d\x60\xd5\x2c\xfc\x80\x55\x13\x58\x35\x81\x55\x13\x58\x35\x81\x55\xb3\xaa\x9b\x80\x55\xb3\xd1\x70\x02\xab\x66\xfa\x19\xb0\x6a\x4e\xee\x07\x60\xd5\x5c\x77\x56\xcd\xa4\x30\x99\x85\xdc\xe5\xb0\x47\xdf\x2e\x7e\x6e\x6a\x39\x9f\x67\x78\x48\xfc\x74\xe5\x00\x45\x27\x50\x74\x02\x45\xa7\x96\xe3\xca\x51\x74\x96\x47\x5f\xe9\xdd\xd5\x06\x27\xc3\xda\x32\xc3\x44\x45\x7d\xe4\x24\x3c\x4e\x46\xa6\x3c\x13\x51\x79\xf1\x95\x90\xc5\x34\x5f\xcb\x56\xb4\x72\x4d\x27\x58\x9b\xda\x56\x39\x89\x24\x54\xd6\xaf\x81\xf0\x95\x39\x76\xf3\xa7\xef\x59\x7b\x32\x3b\x59\x9a\xd2\x10\x45\x58\xea\x85\x98\x89\xa1\xe3\x1a\x80\x76\xc8\x2a\xfe\xe9\x91\xc8\x52\x1e\x3a\x9b\x12\x6d\x37\x45\xb2\xb4\xc3\xfe\x6f\xec\xb0\x34\x08\x11\xa5\x61\xa7\xcb\xa4\xcb\x5b\x03\x1a\xd8\x39\x11\xc1\xa6\x7e\x4b\x2b\xc3\xfe\x5a\xc9\xdc\xca\x66\xa1\x6e\x6d\xef\x2d\x65\x6a\xe4\x1a\x33\xc0\x56\x79\x3f\xbd\xa4\x47\x10\x38\xe7\x98\xeb\xbd\x22\x6c\xb2\xd5\x9e\x2a\xa9\xad\xa8\xe0\xac\x02\xfc\xb3\xeb\xc1\x3f\x5b\xa6\x83\x7d\x0f\x74\xb0\x40\x07\x0b\x74\xb0\xaf\x84\x2a\x09\xe8\x60\x81\x0e\x16\xe8\x60\x81\x0e\x16\xe8\x60\x81\x0e\x16\xe8\x60\x81\x0e\xf6\x75\xd1\xc1\x56\x2a\x5d\xc0\x13\x5b\xaf\x26\x02\x4f\x2c\xf0\xc4\x02\x4f\x2c\xf0\xc4\x02\x4f\x2c\xf0\xc4\x02\x4f\x2c\xf0\xc4\x02\x4f\x2c\xf0\xc4\xe6\x3f\x03\x9e\x58\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\x08\x45\x01\x9e\x58\xe0\x89\x05\x9e\xd8\x55\xa1\x63\x5c\x53\x42\x2e\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\xe0\x89\x05\x9e\x58\x55\x04\xf0\xc4\x02\x4f\xec\x4b\xaa\xa5\xc0\x13\x5b\x6c\x0a\xf0\xc4\x16\x7e\xc0\x13\xdb\x68\xa2\x00\x4f\x6c\xb9\x4e\xc0\x13\x0b\x3c\xb1\xc0\x13\x2b\x7e\xc0\x13\xab\x77\x13\xf0\xc4\x02\x4f\x6c\xf6\x03\x9e\x58\xe0\x89\x4d\x5a\x01\x3c\xb1\x13\xe6\x1b\xf0\xc4\x02\x4f\x2c\xf0\xc4\x02\x4f\x2c\xf0\xc4\x02\x4f\x2c\x38\xe7\x00\x4f\x2c\xf0\xc4\xce\x9f\x27\xd6\xca\x2c\x23\x40\x19\x0b\x94\xb1\x40\x19\xfb\x4a\x58\x93\x80\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\x28\x63\x81\x32\x16\xa2\x52\x26\x7c\x08\x94\xb1\x40\x19\x0b\x94\xb1\x40\x19\x5b\xfc\xbd\x62\xca\xd8\xe9\xa9\x67\x80\x6c\x16\xc8\x66\x0b\x3f\x20\x9b\x05\xb2\xd9\xb7\x4e\x36\x3b\x0b\xa0\x02\x4d\xed\xcc\x34\xb5\xd3\x0f\x00\x10\xdc\x02\xc1\x2d\x10\xdc\x16\x7e\x40\x70\x0b\x04\xb7\x40\x70\x0b\x04\xb7\x40\x70\x5b\xd5\x4d\x40\x70\xdb\x68\x38\x81\xe0\x36\xfd\x0c\x08\x6e\x27\xf7\x03\x10\xdc\x02\xc1\x2d\x10\xdc\x36\xce\x17\x08\x6e\x81\xe0\x16\x08\x6e\x81\xe0\x16\x08\x6e\x81\xe0\x16\x08\x6e\x81\xe0\x16\x08\x6e\xb3\x82\x81\xe0\x16\x08\x6e\xd7\x94\xe0\x76\xbf\x21\xa9\xed\x3b\x69\xda\x14\xfc\x17\x68\x44\x42\x11\x7a\x38\x03\xb3\xa1\x72\xea\x6e\x4e\x6f\xd8\x8e\x59\xa9\x19\x07\x21\xaa\xa3\x57\x9a\x2f\x8d\x5a\xc6\xc5\x33\x5f\xfa\xd8\xda\x26\xa0\x3c\x83\x5b\xab\x92\xeb\xf8\x15\xe7\x42\xe2\x38\x8f\x2c\xa7\x63\xd0\x2a\xf2\x22\x55\x0e\x79\x16\x8d\x30\x3b\x19\xe1\x34\x53\x6e\x79\x9c\x88\xaf\x90\xae\x6f\x01\xd4\x7c\x6d\x59\xf8\x26\xb1\x96\xb5\x9f\xa3\xad\x08\x9a\xf2\x81\x33\xc0\xd2\x34\x05\x4b\xd3\xbb\x77\x62\x2f\x9a\x93\x7a\x3a\xf1\x72\x33\x02\x25\xf3\xe1\xe3\x24\xfa\xa4\x77\xe8\x8a\xaa\x33\x53\xc9\xa3\xb4\x81\x98\xf0\x57\x73\x99\x3c\x96\x51\x19\x0a\x36\xa5\xeb\x0e\xfa\x0f\xec\x3b\xff\x21\x92\x60\xe4\x53\xdf\xfa\x37\x09\xa9\x3a\x33\xe4\xda\xab\xa4\x62\x4a\xb6\x47\x22\x7f\x11\x79\xd1\x45\xe8\x4f\x82\x42\xc2\xf5\x0b\xde\x56\x69\xf0\x51\xc4\x4d\x9a\x43\xf2\x98\x0a\x32\x25\xec\xa3\xdd\x9e\x52\xbe\xd1\xe1\x2d\x7d\x20\xa8\xdf\x53\x0f\x90\x1b\x49\xb3\xd4\x3b\x44\x18\x23\x7e\xe4\x62\x8f\xab\x5f\x13\xf8\x9e\xa6\x65\x45\xba\xf6\x1b\x71\x19\x35\xa2\x32\x32\x33\x19\xf5\xf4\x04\x46\x22\x23\x9d\xf4\x66\x12\x8d\x51\x89\xc5\xe8\xcf\xc3\x8b\xb3\xd3\xb3\x4f\xc5\x54\x6d\x78\x8c\xa6\xa3\x31\x4a\x59\x8c\xfa\xbb\xbd\x5e\xfe\x85\x99\xbd\x48\x6f\x5a\x66\xd9\x2b\x30\xfa\xa0\xeb\x0e\x8b\x6f\x7d\x12\xc9\x74\x31\x23\x03\xea\x1c\xb9\x4e\x98\x3b\xa7\x7b\xce\x97\x57\xc5\x6f\x54\x22\x37\x2a\x16\x75\xbf\xcf\x6e\xf8\x12\xbf\x89\xe8\x3d\xf1\x93\xd6\x5f\x9e\x5c\xfc\x38\x3d\x3a\x39\x3c\x3a\x3a\xff\x7e\x76\x75\x73\x75\xfe\xe5\xe4\x8c\xb7\xbe\xba\x02\x75\xc4\x48\xaa\x94\xc0\xbd\x09\x29\x55\xcd\x4a\xec\x2e\xb9\x9e\x56\xc5\xde\x7c\x3e\xbf\xbc\xba\xb9\x39\x30\xbe\x1b\x9c\x5f\x5c\x95\xf8\xa4\xda\x10\x2f\x65\x3b\x21\xad\x09\x55\x13\xd0\x48\xba\x54\xcd\xb9\x34\x05\xe5\x52\xf2\xaf\x8c\x70\x29\x8d\xea\x6c\x10\x80\xb8\xd9\x20\x00\x31\x63\xe9\x7c\x89\x38\xc4\x4c\xfb\x6b\xbe\x5f\x81\x90\x44\x08\x49\x5c\xe3\x90\xc4\x84\x7b\x49\xeb\x3f\xde\xc3\x87\xe5\xc7\x28\x25\xd4\x3d\x16\x6d\xbe\x4c\x9b\x75\x3a\xf4\x69\xfa\x58\x1a\xb4\xf8\x72\xca\x81\x5e\xce\x76\x78\x45\xc2\x71\xd9\xc5\xc2\x92\x93\xfe\xe4\x57\x10\x12\xc9\xa3\x6a\xf0\xeb\x52\xa6\x37\xa3\xc9\xb1\x9c\x5a\x37\xa6\x9d\xd1\xe8\xb4\xe4\xc2\x8d\x12\xab\x8d\xa9\x2c\x59\xde\x4f\xd7\x77\xe8\xcf\x34\x73\x43\xb0\xa4\x5c\x6e\x7a\x34\x66\x66\xc2\x32\x9a\x4c\x17\x13\xcc\x59\x30\xe9\x35\xb5\xb8\x6e\x82\xc5\xb5\xee\x43\x51\xae\xd4\xb9\x2c\xbe\x3b\x2a\x2e\x31\x69\x7d\x0c\x3c\xec\x17\x9c\x93\xb2\x4c\xaf\x3b\x2a\xdb\xdc\xfb\xa4\x46\xd7\x1d\xad\x2f\x3b\x2d\x8a\x26\x91\xed\x4c\x5f\x64\xd2\x0d\x69\x82\x86\xf1\xa7\x4d\x23\x35\x27\x7b\xbe\x6f\x82\xe7\xfb\x82\x3d\xdf\x53\xaf\xcb\xa2\x83\xdf\x9d\x5b\x15\x2b\x94\x3a\xf7\xfd\x71\xfa\xf5\x64\x70\x78\xf5\xb9\xb2\xe0\x8c\xbc\x77\x72\x91\x7c\x65\xb3\x47\xe6\xd1\xe1\x84\x52\x53\x97\xc2\x7f\x54\xd9\xe6\xaf\x3b\x95\x6e\xcf\xa5\x66\xb2\xc8\xa1\x71\xd4\xb4\xc8\x7a\x2f\xc6\x3f\x71\xe8\xbb\xfe\xb0\x5c\xf8\x4b\xfb\x97\x83\x6b\x2d\x6a\xe7\x5a\xfb\x63\x89\xae\xb5\x4b\x72\x93\xd7\x09\xa8\xf3\x95\x58\x6e\xf0\x0b\xf8\xcb\xcf\xc9\x5f\x7e\x39\x81\x1c\x69\x29\x96\xeb\x5b\xa7\x83\xa4\xc1\x62\x09\x4f\x58\x15\x7c\x36\xb6\x77\xd8\xce\x08\xe2\x59\x1c\x48\x57\xe7\xf4\xf8\x56\xf8\x5d\x8a\x8d\x5a\x62\x62\xad\xad\xc2\xd5\x3f\x06\x9f\x0f\xbf\xec\x5f\x2a\x5b\x4b\xdb\xe8\xa9\x79\x47\x90\x94\x0d\x9e\x26\x38\x58\x9f\xc0\xb0\xe5\x45\x2d\x41\x28\x40\xcb\x50\x80\x97\xf6\xf5\x9f\xd0\x9c\xf4\xdb\xb9\xb4\x67\xc5\x7c\xf6\x5f\x8b\x1b\xfd\x04\x9e\x8d\xcc\x0c\x0b\x74\x1b\x40\xb7\x51\x29\xf4\xde\x04\xdd\xc6\xda\xd1\x45\x4c\x8e\x6b\xd9\x84\xb8\x96\xc2\x77\xeb\x1d\x5f\x72\xed\xbf\x43\x47\xea\x92\x46\xcf\x93\x38\x57\xc1\x9a\xca\xc4\x35\x66\xf2\x52\x3c\xf1\x99\x84\x7a\xcd\x6c\x96\xb9\x20\xa1\xb1\x9c\x26\x8b\x25\x6e\x4d\x62\x1f\x5e\xf5\x45\x29\x06\x3f\x1e\xb8\x8e\x00\xae\x23\x80\xeb\x08\xe0\x3a\x02\xb8\x8e\x00\xae\x23\x80\xeb\x08\xe0\x3a\x02\xb8\x8e\xe0\x05\xae\x23\x58\x74\xe0\x27\xff\x9f\x70\x0f\xf1\x09\xea\x1e\x79\x34\x76\x06\x21\x7d\x70\x1d\x12\xa6\x27\xa8\x69\xd4\xeb\x34\x37\xb4\x8a\x93\x04\x2d\xd7\xe7\x67\x2b\x11\x86\x0d\x6e\x6b\xad\xfc\x3a\x73\xa9\xd5\xeb\x50\x1a\xb2\xcd\x87\xed\x2a\x89\x5d\x11\x0e\x29\xb3\xb7\xdc\xc0\x0d\xac\xbe\x1a\x22\xdd\x1d\xc9\x76\x9d\x50\xb5\x4a\x3f\x1f\x51\x6f\xf9\x67\xdf\xa8\x43\x0e\x90\x3a\xd1\x48\xf3\x8e\xce\xe3\x68\x48\x5d\x7f\x98\x98\xf0\x6a\x46\x77\x40\x9d\x9a\x21\xb5\xa3\xda\xbe\x4b\x6b\x6b\x24\x4d\x0f\x89\x38\xde\x92\xd3\xf3\x00\x9d\xfb\x7f\x48\x3b\x2b\x7f\x57\xf4\xc7\xa9\xf4\x49\x31\x79\xa3\x54\x3b\xde\x98\x52\x17\x7c\x2f\x2c\x53\x03\x73\x46\xb7\xe4\x45\xd2\xd5\x39\x7b\xdb\xad\xeb\x6f\xb2\x91\x22\x80\xb6\xe5\x7f\xd3\xac\x10\x0e\x02\xef\x11\x59\x77\xd5\x93\x49\x46\x31\x27\x66\xba\xcc\x40\x57\xef\xe8\x50\x11\x4b\x67\xb0\xc6\x58\xf9\xb9\x95\x37\x44\xe5\x08\x57\x28\x8d\x36\x05\xcc\x68\x16\x92\x9a\xaf\x53\x73\x59\x61\x12\xd7\x2e\x3a\xd1\xb3\x11\x19\xe7\xc3\x22\x85\xb9\x6c\xe2\x77\x48\x8f\xc5\xaf\xeb\x4c\xbf\xc4\x25\x41\x22\xdb\x41\x57\x5f\x2f\x11\x23\x76\xc8\x25\x9b\xe6\x0f\x96\x86\x00\xfa\xd8\xb3\x1e\xfa\xdd\xfe\x76\xc3\x10\x40\x74\xea\xdb\x5e\xec\x10\x84\x13\xf5\x27\xa4\x1e\x49\x8f\x93\xf5\x88\xdd\xd4\xa3\x76\x43\xb8\xf3\xfa\x0e\xba\x75\x7d\x07\xb9\xc2\x03\xa0\x98\x58\x1d\x93\x61\x89\xaf\xdd\x85\x86\x15\xea\x11\x85\x99\x11\x56\x7a\x17\xe7\xaf\x74\x0f\xa8\xc3\x36\xa4\xcb\x9b\x64\xca\xc8\x62\x0a\x8d\x17\xb0\x37\x0c\xe3\x2b\x44\xad\xb5\x08\x56\x9c\x25\xd6\x6e\x52\x40\x5f\x66\xf0\x72\x5c\x66\x0b\xa2\x56\x95\x5c\x9c\xc2\xf3\x21\xc6\xce\x03\x09\x23\x97\x91\x31\xf1\x33\x77\xa9\xca\x80\xb2\x8a\x5c\xc5\x71\x2f\xeb\xce\xd6\x38\xd1\x7f\x35\xd1\x96\xef\xd0\x59\x6a\xd5\x42\xb6\x47\xb0\x70\xca\x3d\xa3\x0e\x51\x10\xad\x79\x24\xa3\x3b\x0f\x0f\xb5\xfa\x04\x7a\x73\x52\x83\x98\x70\x93\x60\x88\xd1\x31\x29\xc4\xa6\x68\x3b\x00\xbe\xf8\xc4\x84\xd6\x1c\x91\xb5\x9c\xb3\x88\xae\x77\xe8\x4f\x5e\x8a\xac\xde\x08\xfb\x43\x79\xd7\x82\xe6\x20\xa6\x2b\x36\x6e\xc5\x84\x5b\x5e\x70\x60\x66\x30\x56\xdd\xc1\x2b\xae\x6c\x84\x5a\xfb\x67\x5e\x16\x85\x75\xa0\x4d\x5a\x85\x0d\x15\xd5\xae\x88\xa6\x2c\xad\x6f\x31\xb6\x84\xe9\xc1\xba\xd3\xd5\xb9\x36\xd2\x37\xc8\xca\x57\xdd\x35\xa6\xbe\x1b\xd1\x90\x09\x62\x6e\x1a\x33\x74\x74\x71\x2c\x17\x95\xba\xdd\xdf\x54\x09\x88\xc0\x5c\x44\x04\x66\x93\x28\xdc\x6c\xdc\x62\x96\x30\x62\x0b\x09\x20\x57\xb0\x44\x01\x31\x84\x99\x03\xd3\x9c\x86\xb0\xd4\x85\xb5\xe3\x56\xd9\x19\x93\xe2\x4e\x75\x28\x6a\x85\x70\xea\xa4\x2e\x3d\x30\x5a\x42\xb0\x76\x7e\x39\x33\xc1\xf6\x34\x76\x65\x44\x80\x08\x95\x10\xbc\x30\x21\xf9\x2b\x0e\x5d\x05\xf9\xb9\x4b\x5b\x1e\xb6\xba\x7b\x29\xd5\x95\xcc\x27\xe3\xbb\x52\xce\x61\xda\x6d\x38\xd4\x37\x5c\xce\x62\x86\x89\xf6\xc3\x5b\xb3\x78\xf2\x6b\xb0\xe9\x00\x42\x38\xf0\x52\xc2\x81\x15\x61\xd3\x1f\x1e\x16\x7e\x9b\xb9\xe6\xbc\x43\x83\x58\xf8\xab\x49\xb6\xb5\x32\x29\x93\x4d\x43\x42\xd9\xe6\x9d\xfc\x78\xf3\xd6\xa3\xb7\x9b\x32\x50\x6d\xf3\x98\xda\x31\x57\xa7\x44\x95\x24\x5f\x93\x4a\x66\x89\x2a\x3f\x72\xe5\x7e\x21\xda\xb0\x2a\xa6\x8a\x60\x23\x9b\x69\x99\x83\xf5\x54\xf4\x14\xd3\x64\x5a\x83\x13\x0d\x78\x13\x5a\x95\xd2\x44\x90\xab\xc1\xe7\xab\x44\x80\xdf\x5d\x79\x16\x64\xbb\x1a\x1f\x7b\x85\x89\x6b\xda\xcf\xa4\x2b\x6e\x1e\xdb\x1a\xbe\x8d\xcb\x86\x73\xae\x4b\x34\xcd\xb6\xd5\xf2\xf4\x71\xad\xcd\xa4\xd8\x9f\x89\x7b\x51\xe3\xee\x5c\x2c\xde\xf1\xee\x4c\xf7\x8a\x0b\x00\xbc\x39\x77\xe6\x22\x48\x0f\xa4\x27\x00\xef\x7b\xd5\xcf\xe8\x61\xbb\xdb\xef\xf6\xf9\xf3\x04\xe0\x1c\x6a\xb3\xb2\xf4\xdb\xe4\x09\x37\x43\xe2\x11\xcc\x08\x7b\x97\x7d\x56\x0c\x07\x16\x86\x04\xe9\x5e\x76\x47\x3d\x8f\xfe\xe4\x3b\x34\x9b\x8e\x03\xea\x13\x3f\x4a\x2c\xbf\xbc\x8b\xde\x21\xa4\xfb\xa9\x1c\x64\x79\xa6\xcf\x6d\xdf\xcd\x3f\xce\x21\xee\xc1\x43\xaf\xfb\x81\xbf\x4a\xa7\x9e\xa8\x4c\x6a\x59\x45\x2e\x93\x2e\xf8\xe2\xe6\x12\x29\x9d\x05\xc7\x1c\xf1\xee\x04\xe9\x22\x71\x54\x6f\xe8\x2a\x41\x77\x3a\x0b\xad\x9a\x5f\xa9\x59\x69\xa2\x51\x56\x6e\x62\x5c\x3f\x22\xe1\x1d\x4e\x82\x05\x84\xeb\x0e\xaf\x51\xc2\x14\x8a\xae\xe3\x5e\x6f\xdb\xb6\xc4\x7f\xa4\x7f\x95\x76\x0b\x4b\xb2\x37\x7b\x87\x4e\xef\x90\x47\xee\x22\x74\xeb\x61\xff\x7e\x83\x77\xbf\x54\xe8\xb2\xfc\x5d\x96\x38\xd7\x67\xc4\x9f\xbc\xdf\x7f\x63\x32\x87\xc4\x9f\x5f\x84\x53\x89\x5c\x45\x4d\x6e\xdc\x3b\xd1\x08\xe9\xcd\xce\x9f\x9c\x26\x59\x4a\x87\x76\xb5\xef\x1d\x91\x68\x44\x42\xae\x68\xf9\x54\x18\x83\xc6\x98\xfd\x15\x13\xa1\x7d\x45\x21\xbe\xbb\x73\x6d\x61\x2f\x20\x2c\x52\x61\x65\x4c\xa4\x94\xbe\xe8\x32\x93\x24\x6a\x50\x6d\x12\x44\x25\xb2\x6c\x74\x87\xe0\xfc\x2e\xb0\x1d\xb9\x04\x12\xdf\xb1\x80\xd8\x2e\x56\x26\x36\x19\x1a\x2a\x6d\x6c\xd2\x5d\xf2\xce\x1d\x26\x21\x0a\x08\xc7\x11\xe5\x6a\xb2\x8d\x3d\xef\x11\x05\x34\x88\x3d\x9c\x84\xe7\x36\xa1\xa9\x68\xc6\x53\x31\x99\xa8\xa2\x8a\xa9\x22\x4f\x6d\x50\xc1\x55\x91\x90\x84\x7e\xbb\xfa\x8e\x12\xba\x4f\x75\x5e\xc1\x1f\xf5\x0a\xb4\x9f\x29\x8f\xc4\xd3\x13\x7f\xff\xfc\xbc\x91\xf2\x77\xa6\x64\xa1\x7a\x14\x2a\x6a\xcc\x82\xd1\x92\x06\x63\x4a\x1e\x8c\x4a\xbe\x8b\x86\x84\x17\xcd\x18\x2f\xf2\x8c\x13\x35\x9c\x17\x26\xda\x8b\xba\x7c\xea\xa8\x2b\xda\x51\x4b\x68\xdc\x12\xb9\x52\x2a\xe7\x8c\x91\x5e\xa2\x86\x5f\x62\x1a\x82\x89\xac\x52\x3a\xc5\x04\x5f\x89\x89\x26\x6e\x5c\xd2\x5d\x69\x0b\x27\x0e\x87\x35\x9a\xd3\xd9\xf2\x84\xc5\x3e\x89\x04\x14\x77\xff\x8b\x71\xc8\xfe\xef\xd2\x7a\x3c\x4b\x56\x9f\x39\x4c\x47\x5b\x71\xbf\xab\xdb\x66\xf2\xc3\x70\xdd\xb9\x4a\x3b\x4c\xf0\xe9\x8a\x5a\xa8\xb4\x5d\xfe\x4e\x1f\x86\xe7\xb4\x91\x6f\x92\x45\x63\x82\xa6\x53\xcd\x9f\x21\x3e\x9c\x92\x39\x43\x15\xfa\x56\x38\x33\xfc\x8c\xb1\x13\xd8\x32\x80\x2d\x03\xd8\x32\x66\x60\xcb\xe0\xfa\x37\xf0\x64\x18\x3e\x34\x53\x47\x68\xd0\xf3\x86\x6e\x28\x6f\x7e\xe5\x38\x84\x5c\xe5\xbf\x9a\x22\xe4\xca\xc7\xde\xeb\x89\xb8\xca\xdb\x09\x8a\xbf\xb7\x13\x70\x05\xf7\x02\x57\x65\x57\x88\x13\x02\x8a\x9d\x97\xa7\xd8\x81\xcb\x65\xab\x17\xf1\x31\xf5\x7f\x8b\x12\x3e\xdb\xdf\x3f\x0d\xe6\x72\xa7\x6c\x35\xf5\xd0\x12\x89\x78\xa4\x72\x53\xaa\x81\xd4\x09\x36\xf8\xc6\x99\x49\xc5\x60\x03\xe1\x48\xdd\x53\x20\xd9\x89\x42\xc2\x77\x66\x9e\xcb\xf7\x31\x9e\x87\xdc\x40\x5e\x87\x85\x58\x54\xba\x65\xa8\x48\xb9\x71\x75\xf8\xfb\xd7\x93\xcb\x8b\x93\x3f\x2e\x4e\x2e\x3f\x9f\x9e\x5d\x9d\x5c\xfc\x38\xfc\x5a\x59\xcd\x3d\x03\x19\xcc\x19\xd5\x38\x1c\x54\x20\x60\x7b\x2a\x07\xa0\x7d\x99\x92\xf6\xa5\xff\x61\xab\xdb\xdf\xdb\xef\xf6\xba\xbd\xcd\xfe\x1e\x30\x39\xad\xcd\x25\xa9\xc0\xa3\xb6\x70\x1e\x35\x60\x81\x79\x5d\x17\xc2\xce\x9b\x24\x66\x96\xe6\xae\x18\x87\x0c\xdc\xfb\x3a\x0f\xc2\x9a\x90\xef\x72\x92\x53\x9e\xec\xe4\x5a\x9e\x20\x88\x13\x3a\x6b\x3c\x0c\xc5\x56\x80\xf8\x39\x3b\xb1\xf0\x6d\x57\x97\x6b\x72\x01\x2b\x12\x33\xc3\x66\x45\x77\xcf\xaa\x30\x9d\x70\x3d\x50\x1d\xf2\x9c\x8e\x87\x55\x16\x14\x74\xdd\x11\xfb\xc5\x5b\xd7\x4f\x7c\x14\x1c\x15\x4f\x63\xb9\x81\x35\xc6\xec\xaf\xe4\xcf\x42\xfd\xaf\x3b\xe8\x5f\xf3\x01\xb8\xf2\x0e\x2a\x69\xe6\xe0\xfc\x78\x61\x9b\xfc\xe4\xac\xa2\x5b\x66\x44\x2b\x16\x7f\x39\x38\x3c\x5a\x7c\x1d\xc4\x41\x53\x85\xe8\xf9\x7a\x78\x76\x76\xf2\xf5\xf8\xe6\xf4\x8f\x96\x35\x99\xb7\x95\x27\xf3\xaf\x98\x54\xd3\xc1\xcd\xb7\xc3\xcb\xff\xf3\x82\x75\xcd\xdc\x30\x1a\x21\x6e\x1b\x24\x9c\x84\x83\x35\xc0\x64\xe5\xdd\xd9\x2c\xfb\xae\xd0\x02\xbd\x16\x24\xb2\x73\x9e\x98\x9b\x49\x52\x20\xd2\x59\xbb\x0b\xa2\x6f\x1f\x93\x31\x37\x8c\x4a\xc5\x6c\x28\x87\xf9\xc9\x5f\xdd\x2a\x58\x77\xbe\xa0\x59\x83\x9f\x27\x1c\xdd\x6b\x0e\x0d\x0b\xe4\x25\x02\x4a\xa2\x59\x28\x89\x80\x7a\x07\xa8\x77\x80\x7a\x07\xa8\x77\x80\x7a\x07\xa8\x77\x80\x7a\x07\xa8\x77\x96\x46\xbd\x53\xa2\xa3\xd8\x05\x3a\x0a\xa0\xa3\x00\x3a\x0a\x04\x74\x14\x40\x47\x01\x74\x14\x73\xa4\xa3\x70\x03\x3c\xbe\xf5\xa8\x7d\xbf\x58\x8a\x0a\x63\x6a\xe0\xad\x00\xde\x0a\xe0\xad\x00\xde\x0a\xe0\xad\x00\xde\x0a\xe0\xad\x00\xde\x0a\xe0\xad\x00\xde\x0a\xe0\xad\x00\xde\x0a\xe0\xad\x00\xde\x0a\xe0\xad\x28\xe5\x05\xbc\x15\xc0\x5b\x01\xbc\x15\xc0\x5b\x01\xbc\x15\xc0\x5b\x01\xbc\x15\xc0\x5b\xb1\x14\xde\x8a\x49\x27\xce\x32\xd5\x44\x76\x8b\xc2\x90\x00\xd9\x05\x90\x5d\x00\xd9\x05\x90\x5d\x00\xd9\x05\x90\x5d\xbc\x2e\xb2\x8b\xa3\xd4\xe8\x28\xfa\x02\xe1\xe1\x30\x24\x43\xa5\x5a\x27\x4b\x8f\x8b\x7f\xbe\xef\xac\xa8\xc6\xf7\xcb\x93\x9b\xc1\xf9\x71\x7d\xa4\xbc\x39\x28\x1d\xb8\x36\x80\x6b\x23\xad\x01\x70\x6d\x00\xd7\x06\x70\x6d\xe4\xeb\x04\x5c\x1b\xc0\xb5\x01\x5c\x1b\xc0\xb5\x91\x6f\x2d\x70\x6d\x00\xd7\x06\x70\x6d\x00\xd7\x06\x70\x6d\xe4\x7f\xc0\xb5\x51\xac\x05\x70\x6d\x00\xd7\x86\xfa\x01\xd7\x06\x70\x6d\xe4\xb9\x36\x94\x4b\xe2\xa5\xc8\x2c\x31\x6e\x6e\x26\x67\xfc\x6c\xf3\xde\x71\x2c\x3b\x74\x98\xba\xa1\x1c\xa8\x39\x80\x9a\x03\xa8\x39\x80\x9a\x03\xa8\x39\x80\x9a\x03\xa8\x39\x80\x9a\x03\xa8\x39\xae\x57\x9f\x9a\x63\xa9\x9d\xd6\x66\xaa\x2d\xa6\xc3\x4a\xf3\xac\x66\x86\xe9\x73\xab\xcc\x60\x62\x65\xe6\x20\x20\x33\x01\x32\x13\x20\x33\x41\x40\x66\x02\x64\x26\x40\x66\x02\x64\x26\x40\x66\x62\xc4\x2c\x20\x33\x01\x32\x13\x20\x33\x01\x32\x13\x20\x33\x01\x32\x13\x20\x33\x01\x32\x13\x20\x33\x01\x32\x13\x20\x33\x01\x32\x13\x20\x33\x01\x32\x13\x20\x33\x01\x32\x13\x20\x33\x01\x32\x13\x20\x33\x01\x32\x13\x20\x33\x01\x32\x13\x20\x33\x01\x32\x13\x6d\x02\x00\x99\x09\x90\x99\x18\x1b\x0c\x64\x26\xeb\x42\x66\x82\xa6\x0e\x2f\x03\x1a\x14\xa0\x41\x01\x1a\x14\xa0\x41\x49\x6a\x00\x34\x28\x40\x83\x02\x34\x28\xf9\x3a\x01\x0d\x0a\xd0\xa0\x00\x0d\x0a\xd0\xa0\xe4\x5b\x0b\x34\x28\x40\x83\x02\x34\x28\x40\x83\x02\x34\x28\xf9\x1f\xd0\xa0\x14\x6b\x01\x34\x28\x40\x83\xa2\x7e\x40\x83\x02\x34\x28\x40\x83\x02\x34\x28\x40\x83\x02\x34\x28\x40\x83\x02\x34\x28\x40\x83\x02\x34\x28\x40\x83\x02\x34\x28\x40\x83\x62\xa2\x41\xd9\x93\xdc\x27\x93\x54\x64\xe5\x10\xa0\xc2\xf5\xa5\x9e\xbc\x76\xe1\x41\x8f\xc1\x08\xf3\x4a\x3a\xf2\xd4\x44\x1e\x6a\x46\xfc\xe9\x8d\xf2\xb1\xbb\x91\x99\xeb\xc7\x2d\xaf\x25\xac\x08\x82\x8a\x16\x18\x54\xd4\x87\xa0\xa2\xf9\x06\x15\x35\x0e\x2b\x5a\x46\x60\x91\xa1\xc8\xfb\x7d\x76\x83\xe3\x68\x74\x13\xd1\x7b\xe2\x27\x6d\xbe\x3c\xb9\xf8\x71\x7a\x74\x72\x78\x74\x74\xfe\xfd\xec\xea\xe6\xea\xfc\xcb\xc9\x19\x6f\x73\x5d\x45\x6a\x23\x93\x20\x2e\x69\x4d\xe3\x92\xc0\xe8\x04\x46\x27\x30\x3a\x81\xd1\x09\x8c\x4e\x60\x74\x02\xa3\x13\x18\x9d\xc0\xe8\x04\x46\xa7\x37\x6b\x74\x9a\x14\xe6\x38\x49\x55\x96\x0c\x5f\x42\x4d\x5e\x13\x16\xde\x06\x0c\x71\xc0\xc2\x5b\x2e\x04\x58\x78\xd3\x91\x02\x16\xde\xd2\x58\x02\x0b\x6f\xa1\xce\xc0\xc2\x0b\x2c\xbc\xc0\xc2\x0b\x2c\xbc\x6b\xc6\xc2\xbb\x86\xf4\xb0\xd3\x30\xc3\xb6\x10\x3b\xf3\x50\xb5\x66\xe3\x82\x9d\x59\xd9\x59\x29\x12\xd8\x09\xc3\xb5\x06\xcc\xaf\xf3\xa6\x64\x6e\xde\x73\xeb\x4f\x7a\xfd\x12\x44\xb0\x0d\xfd\x27\x84\x20\xca\x79\x4f\x54\x51\xd6\xf1\x95\x51\x4f\x56\xf7\x42\x2c\x75\x38\x08\x58\xf5\x0e\x17\xa8\xe9\x92\xfa\x01\x35\x1d\x50\xd3\x69\x9f\x02\x35\xdd\xca\x50\xd3\x5d\xc9\xe7\x44\xba\x11\x49\x82\x07\xc4\x68\x32\xd3\x53\x96\x89\x64\x6e\x09\xfb\x0c\x8e\x64\x70\x8a\x3b\x26\x15\xbc\x6f\x6f\x80\xaf\x2e\x2d\x57\xba\xfb\x58\x5c\xe2\x17\x57\x1c\xf5\xa3\x90\x7a\x81\x87\x8b\x7c\x05\x59\xa6\xd7\x1d\x95\x6d\xee\x7d\x52\xa3\xeb\x8e\xd6\x97\x9d\x16\x45\x93\xc8\x76\xa6\x2f\x32\xe9\x06\x6d\x62\x01\x39\xdf\x4c\xe4\x7c\x09\xfe\x1f\x79\x98\xb1\x33\x4d\x7b\x12\x6a\x90\x95\xcc\xf6\x24\xf9\xb4\x5c\x7e\x40\xe2\x07\x24\x7e\x40\xe2\x07\x24\x7e\xc6\xec\x4a\x31\xb0\xef\xd0\xa1\xe3\x70\x61\xfb\x87\x47\x7e\xa1\x1f\xa2\x01\xe8\x38\x74\xb9\x8a\x29\x14\x53\xb9\xd0\x78\x8a\x80\x84\x1c\xf8\xd0\x77\xdf\xfd\x85\x8e\xe9\x18\xbb\x3e\xba\xa4\xf6\x3d\x11\xc7\x87\xd8\xf3\xe8\x4f\x74\xec\xde\xf3\xdd\x55\x0e\x79\x84\xfb\x7b\xe2\xfa\x4d\xa4\xfe\x2d\x59\x92\xa8\x2c\x85\x20\x79\xf4\x8c\x2e\x1f\x7d\x1b\x1d\x0e\x4c\x21\xc1\x77\x1e\xf9\xf5\x40\x3d\xcb\x11\x55\x33\xc3\x10\x6f\xc2\x0f\x5a\xa6\x94\xa8\x89\xab\x37\x65\x6e\x95\x89\x52\x4a\xdd\x9d\xaf\x46\x3d\xa3\x61\x6e\xeb\x0a\x5c\x86\xf9\xda\x00\x97\x61\xbb\xd2\x80\xcb\x10\xb8\x0c\x57\x8e\xcb\x70\x01\xbc\x7e\x40\xce\x07\xe4\x7c\x40\xce\x07\xe4\x7c\xfa\x67\x40\xce\x97\xfe\x80\x9c\x6f\xfd\xc9\xf9\x90\x86\x11\x52\xa1\x67\x8f\xbe\x5d\xfc\xdc\xd4\x72\xae\x6e\xe1\x21\xf1\xa3\x1a\xa3\x10\x30\xfd\x01\xd3\x1f\x30\xfd\x01\xd3\xdf\x8b\x31\xfd\xf9\xd8\xc4\x26\x07\x1c\x7f\xc0\xf1\xb7\xc2\x1c\x7f\xe5\x56\x28\xff\xd1\x6a\xe3\xa7\x61\x4a\x9a\xa5\x79\x45\x45\xe4\xd8\x1d\xbb\xa1\x38\xe9\x7d\x2c\x0f\x20\x2a\xcf\x59\xa3\x02\x50\xec\xf7\xb2\x45\xd7\x34\xf0\xb5\x96\xcf\xb6\x55\x4e\xf8\x1a\x94\x25\x76\x20\xfc\x71\x8e\xdd\xb0\xc0\xd3\x90\xb4\x27\xb3\xd9\xa6\x29\x53\x9e\x06\x8f\x91\x8a\xaf\x36\x63\x26\x56\x18\xf9\x45\x6c\xed\x20\x4f\xfc\xd3\x23\x91\xa5\xbc\x80\x36\x25\x3c\x6d\x8a\x64\x69\x87\xfd\xdf\xd8\x61\x29\x13\x04\x7a\x7e\x36\x86\x2c\xcd\x97\xd6\xb1\xc4\x31\xf3\x1e\x38\x66\x80\x63\x06\x38\x66\x80\x63\x06\x38\x66\x4c\x25\x03\xc7\x8c\xfe\x0a\x38\x66\x80\x63\x06\x38\x66\x80\x63\x06\x38\x66\x80\x63\x06\x38\x66\x80\x63\x06\x38\x66\x80\x63\x06\x38\x66\x80\x63\x06\x38\x66\x80\x63\x06\x38\x66\x80\x63\x06\x38\x66\x0c\x8d\x00\x8e\x99\xec\x1d\x70\xcc\x4c\xe0\x98\x11\x6d\xe3\x75\x55\xa1\xaf\x95\x6b\x04\xc8\x67\x80\x7c\x06\xc8\x67\x80\x7c\x06\xc8\x67\x80\x7c\x06\xc8\x67\x56\xae\x6f\x81\x7c\x06\xc8\x67\x80\x7c\x06\xc8\x67\x80\x7c\x06\xc8\x67\x80\x7c\x06\xc8\x67\x80\x7c\x06\xc8\x67\x80\x7c\x06\xc8\x67\x80\x7c\x06\xc8\x67\x80\x7c\x06\xc8\x67\xca\x5d\x0f\xe4\x33\xed\x4a\x03\xf2\x19\x20\x9f\x01\xf2\x19\x20\x9f\x01\xf2\x19\x53\xc1\x40\x3e\x93\xb3\xce\x01\xf9\x0c\x90\xcf\x00\xf9\x0c\x90\xcf\x00\xf9\x8c\xfc\x01\xf9\xcc\xc4\x3a\x00\xf9\x0c\x90\xcf\x00\xf9\x0c\x90\xcf\x88\x1f\x90\xcf\x00\xf9\x0c\x90\xcf\xcc\x9f\x7c\xc6\xca\x14\x11\xe0\xa1\x01\x1e\x1a\xe0\xa1\x01\x1e\x1a\xe0\xa1\x31\x95\x0c\x3c\x34\xfa\x2b\xe0\xa1\x01\x1e\x1a\xe0\xa1\x01\x1e\x1a\xe0\xa1\x01\x1e\x1a\xe0\xa1\x01\x1e\x1a\xe0\xa1\x01\x1e\x1a\xe0\xa1\x01\x1e\x1a\xe0\xa1\x01\x1e\x1a\xe0\xa1\x01\x1e\x1a\xe0\xa1\x31\x34\x02\x78\x68\xb2\x77\xc0\x43\x03\x3c\x34\xc0\x43\x03\x3c\x34\xa5\x01\x04\x1e\x1a\xe0\xa1\x01\x1e\x1a\xe0\xa1\x01\x1e\x1a\xe0\xa1\x01\x1e\x1a\xe0\xa1\x01\x1e\x1a\xfd\x07\x3c\x34\xc0\x43\x03\x3c\x34\xc0\x43\x03\x3c\x34\xc0\x43\x03\x3c\x34\xc0\x43\x93\xbd\x04\x1e\x9a\x79\xf1\xd0\x4c\x1f\xba\x07\x0c\x36\x73\x60\xb0\x99\x7e\x00\x80\xfb\x06\xb8\x6f\x80\xfb\x06\xb8\x6f\x80\xfb\x06\xb8\x6f\x80\xfb\x06\xb8\x6f\x4c\xd9\x01\xf7\x4d\xf6\x1a\xb8\x6f\x66\x6d\x2e\x70\xdf\x00\xf7\x0d\x70\xdf\x00\xf7\x0d\x70\xdf\xd4\xd7\x14\xb8\x6f\x80\xfb\x06\xb8\x6f\x80\xfb\x06\xb8\x6f\x80\xfb\x66\x55\xb8\x6f\xf6\x25\xdf\xcd\xa4\x33\xdc\xd4\x9d\xf8\x82\x0a\xdc\x9b\xc1\x45\x54\x05\x7e\x55\x3a\xc9\x4d\xed\x26\xda\x30\x60\x07\xcd\xcd\xd5\x73\x62\xcc\x41\xe6\x8e\x3d\x5f\x7f\xd7\xda\x26\xa0\x7c\xb8\x43\xab\x92\xeb\x82\x91\xe6\x12\xf1\xb4\x60\x07\xde\x9a\xfe\x89\x35\x47\xb4\xda\x21\x5f\x40\x00\xcf\x34\x33\xef\x15\x04\x9a\x4c\x08\x2a\xa9\x7c\x31\x4d\x90\x48\x45\x84\xca\x24\x7f\xfb\xf6\x13\x26\xc5\xe8\xcc\x3b\x3f\x94\x98\xb8\xca\x7e\xf9\xd5\xa0\x3b\xc1\x39\x3f\x6b\x7f\x66\xd0\x9c\xd9\x47\xbf\x69\xa6\xb3\xb9\xea\xb7\x2a\xa5\xb1\xc7\xfe\x8b\xfb\xec\xd7\xc9\x4f\x2e\xd4\xd7\xc9\x7d\xdf\xd4\xa7\x12\xed\x5a\x74\x69\xcb\x8e\x6b\xe9\xb7\x2f\xb6\x15\x89\x62\xb2\x00\xc7\xfd\x35\xf0\xd9\x97\xea\x1f\xef\x7b\xd5\xcf\xe8\x61\xbb\xdb\xef\xf6\xf9\xf3\x04\xe6\x1c\x6a\xb3\xb2\xbc\xda\xe4\x09\x37\x43\xe2\x11\xcc\x08\x7b\x97\x7d\x56\x74\xe9\x17\x11\xec\xf2\xb0\xfe\x8e\x7a\x1e\xfd\xe9\xfa\x43\x64\xd3\x71\x40\x7d\xe2\x47\x49\x44\x3e\xef\xa2\x77\x7c\x2b\x28\xa3\x06\x78\x3d\x0f\xb2\x3c\xd3\xe7\xb6\xef\xe6\x1f\xe7\x70\xf7\xe0\xa1\xd7\xfd\xc0\x5f\xa5\xc1\x08\x05\xda\x46\x1b\xfb\xe8\x96\xac\x36\x75\xe3\xab\xa0\x60\xbc\x5e\x37\x12\xc6\xeb\x65\x70\x27\xf6\xe6\xc4\x9d\xa8\x27\x58\x07\x8a\xc3\x86\x04\x87\x73\xa6\x37\x9c\x44\x6e\xb8\x4c\x6a\x43\x5e\x50\xe0\xde\x84\x94\xaa\xd6\x25\xe0\x9a\xeb\x5a\x55\xf2\xcd\xe7\xf3\xcb\xab\x9b\x9b\x03\xe3\xbb\xc1\xf9\xc5\x55\xa9\xe7\x81\x3e\x71\x4d\xe8\x13\x37\xf4\x0f\x7e\x9c\x9d\x2a\x46\xd3\x42\xea\x1f\x67\xa7\xcf\xcf\xb9\xa4\x03\x1a\x46\xe6\xb4\xfc\x4d\x66\xbf\x2a\xd1\x32\x4e\x0c\xb2\x4b\xc5\xed\x84\x50\x3b\xa5\xba\xbd\x50\xc4\x5d\x46\x33\x34\x59\x4d\xae\x13\xb4\x10\x7c\xb7\x8c\xe0\x3b\x08\x48\x83\x80\xb4\x8a\x80\xb4\x89\xb1\x42\x10\xb1\x06\x11\x6b\x33\x44\xac\xbd\xa1\xd8\xb2\xfa\x68\x00\x83\x5c\x87\x98\x80\x7c\x6d\xe6\x10\x13\x00\xee\xad\x0b\x77\x6f\x7d\x83\xde\xfd\xe9\x10\xbb\x1e\x49\x7b\x9b\x51\xa1\xca\xda\x91\xc7\x1f\x31\xa1\x55\x57\xb9\x6d\xcf\xcf\x9b\x7d\xd5\x03\x0d\x32\x8f\xf6\x1f\x7b\x88\xc5\x01\xdf\x65\xf2\xca\x0a\x0f\xfc\x45\x39\xb5\x2f\x37\x14\x67\xb1\xb1\x14\x2f\x16\xb3\xb3\xba\x71\x12\xe0\x50\xdf\xd2\xa1\xfe\xb5\x79\xcc\xaf\x93\x4b\xfc\x6b\xf1\x52\x9f\xc0\x70\x90\x99\x9f\xd6\x9f\xe8\x60\x0a\xca\x02\x71\xea\x06\x9c\x05\xe5\x4a\xbf\x38\xef\xc0\x1a\xc6\xff\x43\x0c\x87\xf8\x41\x0c\xc7\x8c\x75\x80\x18\x8e\x17\x8e\xe1\x90\x79\x87\x71\x01\x4b\x0a\xa1\x1d\xa6\x6f\x66\x0b\xc8\x40\x0d\xc2\x0c\x4a\xd5\xa8\x09\x2b\xa8\x50\x0a\xea\xe3\x3e\x52\x03\x17\x44\x7f\xd0\x52\x0f\xbd\x8e\xb0\x88\xda\x58\x92\xc2\xcc\x9e\x18\xd6\x52\xce\x61\x8e\xd1\x28\xcb\x0e\xba\x11\x7e\x5b\x8a\xe5\xdc\xf3\xa4\x8a\x5c\x71\xd1\x4a\x62\x32\xe0\xb2\x5a\xf3\xf6\x97\x66\x5c\x4b\x30\x71\x8f\xe5\x2a\x5a\xec\x0d\x2f\x49\xa7\xbf\xea\xfb\xf9\xe0\x86\x3e\xb8\xa1\x6f\xfd\x6e\xe8\x83\x5b\xe7\xe0\xd6\xb9\x42\x47\xbe\xe0\xad\x73\x70\x73\x1a\x5c\xd5\xb7\xd4\xab\xfa\x5e\xf1\x05\xa5\x8b\x89\x30\xa5\x21\x71\x7c\x66\x3d\xf4\xbb\xfd\x3d\x19\x64\x2a\x8a\x56\x51\xb9\x35\xb1\xa6\xd3\x57\x4d\x16\x59\x57\xb9\x59\xef\x78\x28\x94\x9b\xf7\x13\xcc\xb9\x77\xdc\x52\x1a\xb1\x28\x94\xbe\xac\xb2\x1c\x4b\x1d\x59\xb1\xeb\x62\xc4\x45\x5a\xf3\x24\x08\xab\x18\xc7\x94\xc5\x30\xe5\xcf\x7d\x0a\x01\x96\xf9\x08\xce\x2c\x2a\xab\x18\x1c\x9b\x05\x38\x65\x91\x54\x69\x14\x55\xf3\xb2\xd3\xf8\x2c\x3d\x3f\x11\xef\xb5\x98\xbb\x34\xca\x8e\x84\xa6\x6c\x73\xc3\x80\xe3\x88\x4a\x97\xcb\xfc\x01\xdc\xfc\x47\x6e\xae\xb1\x41\xc5\xdc\xdb\xc4\x08\x4d\x5e\x05\xa5\x88\x73\xf3\x92\xd3\xc2\x58\xa6\x5b\x6d\xe9\x17\x47\x34\x24\x77\xae\x47\x52\x9f\xea\xee\xc1\xee\xb6\xee\x18\x4d\xc2\x90\x86\x9a\x45\x65\x44\xb0\x17\x69\xce\x42\x21\xc1\x8e\xe6\x00\x97\x0d\x18\xca\xbc\xb0\x25\x11\xc2\xf3\x33\x7a\x7a\x12\x71\xff\x17\x84\x63\x2a\x39\x3a\x3d\xbe\x60\xe8\xf9\xf9\xe9\xc9\xf4\x48\x85\xf6\x3f\x3d\xa1\xeb\x8e\xeb\x5b\xd8\x71\xc2\x2e\x0e\x03\x8c\xdc\x60\x4f\xfc\xe3\xba\xa3\x12\x8a\xfe\xca\xfb\xbf\x0b\x97\x42\xd7\x17\x36\xe2\x9c\x39\xee\x0e\x7b\x5e\x34\x0a\x69\x3c\x1c\x21\x73\xae\x69\x62\xcd\x82\x1d\x84\x74\x4c\xa2\x11\x89\x19\x3a\xf8\xd0\xdf\xdd\xbe\xf6\xaf\xa3\x84\xc4\xe0\x7b\xc0\xa2\x90\xe0\xb1\x50\x60\x48\xc8\x9b\x91\x73\xb5\xbc\xa3\xe1\x4f\x1c\x3a\xa8\x8b\x9e\x9e\x94\x83\xa6\x9b\x3a\x68\x1a\x3e\xe6\x6d\x72\xef\xd0\xdf\x5d\xd1\x5f\xc2\xfb\xf2\xe9\xa9\xcb\xff\x2f\x09\xfa\x8a\x8c\xcc\x07\x59\x39\xd7\x1d\x61\x98\xe1\x98\xe0\x3d\x88\x63\x27\x11\x5e\x13\xe9\x93\x2b\xb5\x96\x60\x7b\x44\xd0\xb6\x76\x44\xea\x51\x1a\xe8\xc3\xeb\x51\xec\xe8\x6f\xb1\x73\x8b\x3d\xec\x27\x06\x59\xd3\x44\x4d\x2f\x58\x51\x4e\xe1\xa9\xd3\xcd\xb4\xd3\xb5\xca\xef\x5b\x24\x72\x92\x7d\x44\x1e\x2c\x64\xe6\xd7\x1d\x3e\xc3\x8f\xcf\x2e\x79\x17\x64\x4a\xc0\x5a\x38\x79\xb7\xf1\x62\xd7\x7b\x62\x7a\xe7\xf0\x7c\x7f\x56\xfa\x87\x13\xdb\xa6\xe3\xa0\x9b\x9c\xc0\x18\xdd\xc4\xa5\x77\xb8\x43\xed\x7b\x12\x6e\x2a\x90\x36\xf9\x8a\x57\x53\xec\xab\xcd\xa0\xc6\xb2\x3f\x59\x43\x49\x2a\x68\xf0\x52\x4e\x66\x59\x79\x15\x98\x7d\x96\x53\xd7\x57\x83\xbf\x6f\x0b\x87\xd7\x19\xbc\x7e\xa7\x73\x73\x36\x3a\x87\x23\xb3\x73\xfb\x01\xf2\x5c\x3f\xfe\x95\xa4\x5a\x8c\x0b\xb9\x9a\x4a\xeb\x19\x13\x50\xe5\xf7\x2c\x83\x62\xca\x9f\x55\x8f\x8b\xc1\xdf\xd7\x2a\x23\xa0\xfc\x69\xc7\xaa\x12\xbd\x4a\x2e\x0c\x22\xc5\x20\xf6\x3c\xb9\xc3\x3d\x40\xa7\x77\x67\x34\x1a\x84\x84\xe5\xe8\x7e\xcc\xbe\x48\x9e\x3b\x76\x4b\xc7\xdd\x63\x32\xa6\xe1\xe3\x01\xea\xbf\xef\x7d\x73\x8b\xa3\x61\xf0\x5b\x12\x5e\x4b\xfd\x5e\xde\x6b\x29\xcb\x26\x9f\x0b\x0e\x87\x4c\x9e\xfe\x5a\x52\x1e\x6d\x24\x52\x4a\xb5\x7d\x33\x51\x44\xf2\xc7\xbc\x15\xa7\x67\x59\xc7\x71\x04\xb0\x64\x2a\xbd\x1e\xc5\x73\xb0\x52\x0f\x57\xfb\xe8\x04\x34\x2c\x94\x95\x8e\xdc\x40\x38\x1c\x71\xf1\x9f\x65\x23\x2b\x52\xc8\x3b\x08\x69\x44\x6d\xea\x1d\xa0\xef\xc7\x83\xf6\x59\x59\x91\x1d\x98\xb3\xbb\x3a\xaa\xcb\x4e\xaa\x26\xc5\x0c\xc7\x24\x0a\x5d\xbb\xa2\x7e\xb9\x0c\xab\x7d\xce\xcc\x2e\x5a\xea\xfc\xa3\xa8\x12\xa2\xd4\x37\x6b\xbf\xb7\x5f\xf0\x13\x63\xf6\x88\xf0\x4a\x7d\xbe\xba\xca\x39\x3b\x1a\x9d\xcc\xf6\x72\x1f\x47\xee\x98\xd0\x38\x4a\xdf\xee\xea\x2f\x59\x6c\xdb\x84\x31\xcd\xff\xac\x9f\x57\xfb\x8a\xee\x69\xbb\x79\x15\xb6\xc2\x39\xad\xb6\xdd\x05\xd5\x57\x6b\x76\x7f\xbf\xdf\xa4\xd9\x75\x2e\x0c\xe2\x8a\x85\x41\xe2\xc5\x70\xc2\x6c\x2c\x43\xd9\x0d\x6e\x5e\x7a\xb4\x66\xa1\xa6\xd8\x71\x4a\xae\x0e\x67\x27\x57\x37\xbf\x9f\x9e\x1d\x27\x31\xa9\xf9\xf7\x4e\x48\x8b\x27\x67\x16\xaf\x8c\x69\xe9\x5c\x50\x1a\xfd\xe1\x7a\x44\xed\x89\x72\x0b\xc9\xf1\x59\x02\x4d\xc7\x52\xfa\x27\x6f\xca\xe7\xc2\x13\x97\xf3\x84\x33\xbd\xf2\xe2\x46\xc8\x8d\x48\x09\xfa\x93\x00\x9e\x04\x6a\x0a\xe8\x2d\x87\x35\x7b\x5b\xb3\x01\x53\x5b\x3c\xa3\x3e\xab\x2b\x51\xd5\x0a\x6d\x59\xb5\xca\x36\x19\x52\x7f\x0a\x45\x90\x8c\x58\xd3\x1d\x53\x0a\x66\x87\x38\xa8\xdd\x3c\x37\x51\x93\x13\x2d\x4b\xe9\x4c\x45\x67\xd8\x16\x3a\x75\x5e\xe7\x30\x16\xae\x0a\x3b\x1d\x1c\xe8\xbb\xc3\xb3\xcb\x4b\xb1\xf5\x91\xf2\x2d\xc3\x5f\xab\x08\xae\x41\x0e\x34\x4b\x20\x6b\x99\x10\xb4\xea\x1b\x05\x7c\x96\x09\x24\x83\x02\x9a\x16\xbe\x9a\xcf\x7e\xc7\xc2\x71\x44\xf9\xb2\x96\x6a\x44\xeb\x90\x57\x43\x2e\xd3\xc5\xbf\x1a\xab\x33\x43\x80\xa9\x31\xbf\x54\xeb\x9f\x83\x0e\x9f\xcb\xba\xac\xce\xcf\xa0\x00\xbf\x79\x25\xd5\xb4\x15\xaa\xdd\xc1\x54\x65\x54\xbf\x7b\x99\x42\x47\x2e\x4e\x27\x64\x52\x93\x0f\xe3\x88\x5e\x8a\x44\x25\x85\xb9\xb5\x57\xbe\xd2\x70\xaf\x3b\x5b\xbd\x71\xd1\x65\x17\x69\x8a\xee\x75\xa7\xcf\x55\x5d\x2d\x45\xe2\xed\xa8\x7f\x63\xa1\x14\x69\x83\x90\x72\x80\x71\xa9\x8f\xbd\xd2\x2a\x49\x52\x5b\x56\x0a\x08\x1f\x0b\x78\xa0\x27\x92\x82\x71\x8c\x83\x8f\x55\xcb\x2e\x4b\x1b\xe1\x70\x48\xa2\x8f\x19\x3a\x99\xb4\x62\xc1\xfa\xe2\x27\x40\x8d\x5c\xa6\x1c\x4a\x3d\xfe\xb1\x34\x2b\xff\x4f\x71\xa9\xd3\x98\x86\x44\x2c\x48\xf6\xbf\xb8\x2e\x2f\xfe\x35\x20\xe1\x05\x09\x3c\xd7\xc6\xd7\x1d\xc4\x46\x34\xf6\x1c\xe4\x50\x11\x0d\x99\xf7\x5a\x16\xdc\x36\x32\x63\x36\xc6\x9e\x27\x33\xde\x50\x71\xa6\x93\xf2\x91\x26\x9b\xaf\xae\x4f\x70\x78\x98\x36\x77\x80\x43\x3c\x66\x79\xbf\x53\xde\x6c\x65\x7b\xb0\x02\xf1\xfe\xe3\xd3\x75\xc7\x13\x5f\x5e\x77\x0e\x9e\x9e\x2a\x73\x29\x59\x76\x9a\x65\x68\xe8\x88\x83\xfe\xd6\xfe\x86\xa1\x61\x07\x3b\x1b\xd7\x9d\xb1\xeb\xf3\x14\x1b\xd7\x9d\x40\x5e\x7e\x76\xe9\xfa\x43\x8f\x0c\xa8\xeb\x47\x7f\x48\x9d\xf5\xba\x73\x20\xb8\x36\xca\xc1\xd8\x49\x85\x3c\x3a\x8c\x28\x8b\x1c\x12\x86\x1f\x8b\xbe\xae\xfc\xfd\xc3\xc7\xad\x26\xb8\x3b\x59\xdd\x69\x70\xc4\xd3\x50\xaa\x89\xb2\xe6\x7d\x9b\x7d\xde\x34\x9f\xab\x49\x2b\xe2\x52\xc1\x35\x29\x0e\x50\x92\x77\xf2\x14\x85\x3f\x97\x0e\xfc\x7c\xa6\xca\x33\x19\x99\xa2\x61\xa6\xa1\x1c\x7b\xde\x14\x15\xb2\xed\x91\x90\x6d\x8a\x4a\x1a\xca\x1a\x12\x55\x94\x22\x3c\x34\x97\x95\x1d\xa6\x5e\x77\x36\xae\x3b\x5c\x17\xa9\x28\x3e\x0b\x7e\x4c\xcb\xe4\xb9\xab\x5a\x31\x12\xcd\x5a\x95\x8a\x72\x53\x90\x32\x75\x68\x9a\xb3\x22\x80\xe4\x29\xcc\xb3\x63\x3e\x77\xe8\xd7\x4c\x12\xed\x28\x47\x88\xd6\x8a\xc3\x9c\xfa\x19\x5f\x3d\xe7\xf5\x73\xa8\xc6\x07\x4c\x85\xdc\x1b\x9d\x5f\x65\x2a\x91\xe1\xc4\xf7\x3d\x9c\xf8\xc2\x89\x2f\x9c\xf8\xc2\x89\x6f\xcb\x13\xdf\xfc\xf9\xaa\x87\xc7\xc4\x89\xed\x7b\xb4\xab\x25\xcc\x69\xdb\x70\x2a\x0c\xa7\xc2\x6b\x76\x2a\x9c\x28\x42\xca\x76\x0c\x87\xc4\x70\x48\x0c\x87\xc4\x70\x48\xbc\x4c\xfb\x9b\x90\x51\x87\x7e\xe4\xce\xbf\xc9\x96\x5c\xd2\x86\x51\x4f\x7e\xcd\x1b\xac\xb0\xa0\xbe\x65\xb5\xc4\x78\x7c\xeb\x97\x02\x49\x3e\xe2\x1e\x89\xd5\x16\x50\x8f\x0e\x1f\xbf\x88\xd2\x72\x9d\x9a\x5c\x72\x7f\x3d\xd9\x66\x08\xe7\xea\x70\xae\x0e\xe7\xea\x70\xae\xae\x7f\x03\xe7\xea\x7a\x0b\xe1\x5c\xbd\x9c\x02\xce\xd5\xe1\x5c\x1d\xce\xd5\xe1\x5c\x1d\xce\xd5\xe1\x5c\x1d\xce\xd5\xdf\xf0\xb9\x3a\xcf\x5a\xe2\xf1\xc7\x7a\x24\x10\xa7\xee\x1b\x46\x20\xfc\x98\xc3\x41\x04\x27\xf6\x70\x62\x0f\x27\xf6\x70\x62\xdf\xe2\xc4\x7e\x7f\x65\x0e\xec\x4b\xda\x69\xab\x1d\x8f\xd8\x34\x53\x7f\x8c\x7d\x3c\x24\x61\x01\x28\xc7\xd4\x21\x07\xe8\x82\xd8\xd4\xb7\xcd\x7b\xc4\x17\x73\x0e\x68\x57\x6f\x70\x26\x58\x5f\x67\x82\x06\x23\x7d\xe2\xb3\x38\x24\x99\x72\x0d\xfe\x07\x53\x83\x47\xcb\xbe\x9e\x5f\xc4\xfa\xaa\x3b\x23\xc4\xea\xf4\xff\x3a\x67\x67\x6d\xec\xa0\x80\x50\x14\x79\xb9\xb3\x7b\x70\x59\x58\x6b\x97\x85\x09\x72\xb5\x9d\x74\x82\x28\x79\x70\x80\x98\x6c\x09\x04\x07\x08\x70\x80\x80\x28\x79\x38\xcd\x87\xd3\x7c\x38\xcd\x4f\x5e\x4e\x7b\x9a\x3f\x7b\xbb\xe1\x38\x3f\x29\x00\x8e\xf3\x57\xf4\x38\x7f\x81\x4a\x38\x1c\xff\xc3\xf1\x3f\x1c\xff\xaf\xb7\x56\x0b\xc7\xff\xda\x0f\x8e\xff\xe1\xf8\x7f\x39\xc7\xff\xaf\x2b\x66\xbe\xf6\x6c\x63\x8e\xfa\x09\x9c\xf4\x2f\xe4\xa4\x1f\x0e\xf8\xe1\x80\x3f\x3b\xe0\x4f\x2e\x2f\x7a\xe8\x77\xfb\xbb\xf2\x84\xbf\x21\xda\xcc\xb0\x32\x15\xc7\xbe\x61\x08\xd2\xab\xfd\xaa\x16\xe3\x6f\xd9\x54\xfe\xcd\x30\xa3\x7e\x0b\xa8\x93\x6c\xd3\x93\x8b\x15\x7e\x2b\x4c\xac\xdf\x62\x46\x8a\xdf\x8a\xe3\x22\xf1\x3d\x0b\xba\xc9\x65\x51\xb1\x9f\xdd\xde\xf7\x5b\x69\x56\x67\x1a\x4c\x76\x2b\x72\x59\x0b\xc9\x8e\xc8\xf5\x43\x6c\xf9\x66\x48\xa2\x69\x33\x4d\x0f\xc6\xcb\xb9\x26\xc7\xed\xf2\x2f\x75\xe4\x3e\x43\x29\x9b\x2c\xc2\x51\x5c\x51\x58\xa0\x4e\xf4\xe7\xb3\x2a\x9b\xcc\x8b\xb9\x1e\x69\xa7\xd9\xb6\x38\xcb\xd6\x6e\x9f\x6c\xcc\x28\xd1\x4a\x1a\x37\x28\x20\x55\x26\x4a\x25\x65\xcb\xa3\x78\x97\xc5\x40\x5c\x45\x2c\x56\x46\x72\x1b\x89\xa1\xf0\xaa\xf9\x6f\xb6\x81\x34\x3a\x5b\x12\xa6\x31\xe2\x0c\x42\x7a\xe7\x7a\xc9\x4a\xcb\x1f\x35\xb5\xc8\x4d\x7d\xa1\xe5\x66\xce\x0c\x07\x01\x0e\xc7\x34\xcc\x72\x33\xec\x10\x8d\x55\x0b\x63\x3f\x72\xc7\x64\x8a\xec\x4c\x75\x2b\xe5\x96\xee\xe2\xf5\xab\x41\x53\x23\x61\xde\xda\x66\x65\xa6\xb4\xe4\x01\x23\x76\x98\x5c\x89\x62\x21\x32\x0e\xa2\xc7\xe3\xe4\xaa\x3c\x2b\xbd\x20\x4e\x0c\x97\x6c\xdc\x67\xf5\x28\xcb\x33\xc0\xd1\x68\x10\x92\x3b\xf7\xd7\x41\x6a\xd7\x4f\x2f\xcf\xeb\xd4\xa4\xca\xdd\xbe\x5a\x95\x30\x8c\xd3\x1b\x55\x13\xa7\x1e\xb3\xf9\x31\x6d\xb3\xb8\xa6\x2f\x64\xe2\xfa\x65\x71\x09\x8a\x00\x9b\x30\xf6\x0f\x19\x7f\x91\x78\xe2\xc4\x1e\xd7\x0f\xf9\xd3\x43\x5f\x84\x65\xb1\x38\x08\x3c\xc2\x95\x16\xec\xe5\x90\xad\x9c\xf4\x8e\x49\xa4\xa8\x7a\xff\x0e\xa5\xb6\x5b\x94\x19\x6f\xd3\x5e\xac\x37\xec\xaa\xa1\x3d\x9c\x9c\xf2\x1d\x3a\xd2\x8c\xbf\xda\x20\xe9\x8f\xb9\x18\x3a\x3b\xb9\xba\x39\x3c\xfe\x76\x7a\x26\xe5\x4e\x52\x82\x53\x4c\xf8\x2f\xd9\xc1\xca\x54\x11\xd2\xc0\xf4\xfe\x9d\xb8\x19\xa6\xe0\xa1\x25\x66\xca\xe9\xb1\x56\x39\xfe\xe4\x74\x70\x54\x78\xa2\xae\xe1\xc9\xac\xc5\xe2\x43\xcd\x88\x37\x76\xfd\x03\xa4\xec\xe7\x63\xfc\xeb\x00\xed\xed\xee\x6e\xef\xca\x72\x2f\x4f\xbe\x26\xf6\x17\x46\xc4\x3f\xd5\x08\xa4\xaf\xc4\x16\xd4\x67\xc4\x41\xae\x8f\x8e\x30\xbe\x1c\xe8\x43\xf4\x5b\x32\x46\xbf\xe5\x65\x4c\xb6\x28\x8a\x28\x5b\x65\xe0\x2d\x5c\xd2\xd8\x70\x6f\x13\xb9\x24\x94\xf6\x97\x14\x05\x34\x7c\x4e\xcb\xb1\x7d\x57\x6c\xd5\xbb\xff\xc5\x78\x3d\x94\x3f\x50\xea\x65\x73\xdd\x11\x71\xc2\x1d\xbe\x3c\xec\xdb\xb0\x77\xdd\xd9\xc8\x5e\xd9\x7e\xd2\x80\xeb\xce\xc1\x75\xa7\xd7\xdd\xee\xf6\x73\x09\x02\x2f\x1e\xba\x5c\x71\xe7\x3a\x71\xba\x3b\xcc\xb9\xf0\x5c\x77\xa2\xc7\x40\x15\x90\x2e\xbd\x8d\x7c\x0a\x87\x78\x64\x28\xb4\xe8\x83\xfc\xc7\xfc\xe5\x08\xbb\x61\xe0\xfa\xdf\x78\x43\x3b\x72\xa8\x37\x8a\x69\x5c\xa6\x0e\x06\x3e\xe1\x88\xfc\xc4\x8f\x49\x42\x3d\x9d\xb6\xbd\x7d\xde\x68\x50\xd9\x80\x86\xd1\x18\x07\xa5\xca\xea\x47\x24\xc6\x0a\xf3\x0f\xbf\x49\x07\x3a\x36\xa9\x22\xc9\x3f\x95\xca\x27\xfe\xf6\x49\x54\x3f\x62\x6a\xda\xcb\x6a\x66\xc6\xec\xa3\xd3\xe3\x8b\xe7\xe7\xdc\xf8\xfc\xae\xae\xb3\xce\x57\xf3\xba\x73\x95\xb6\xf2\xe9\xa9\xab\x2e\xa4\x56\x69\xbb\xfc\x5d\x2e\x1b\xfe\xc1\x8f\xb3\x53\x91\x49\x29\xf5\x8f\xb3\xd3\xe7\xe7\x5c\x52\xbe\xfe\xcc\x69\xf9\x9b\xcc\xca\xf0\x9c\x36\xb9\x85\xa2\x70\x8c\xc9\x98\xfa\xe2\xde\xad\x09\xab\x69\x86\x95\x94\xda\x93\x33\x15\x2c\x91\x8b\xad\x6d\xd3\xc5\xbc\xcd\xf9\xa3\xa2\x2f\xcb\x9a\x5a\x83\x8d\x86\xee\x72\x6a\xdd\x0a\x7b\x46\xa3\x5a\x12\x04\xd3\x2b\xb1\x79\x70\x7d\x87\xfe\x4c\x33\x37\x88\x03\x69\xab\xd3\xbd\x4e\x26\x18\xea\x17\xe3\xb4\x52\x30\xae\x99\xcd\xdc\x55\x56\xe9\x59\x8e\x2c\x0a\x57\xd1\x17\xea\x51\x63\xef\x36\x5f\x64\x9f\x59\xbc\x4b\x06\xee\xb2\xd5\xd9\x42\xe5\x1b\xec\xd3\x97\xc2\x85\x43\x4f\x9b\x5d\x6b\x9f\x7b\x58\xbc\xdc\x5e\xeb\x7b\xe9\x8d\x99\x5c\xa5\xef\x47\x24\xbc\xc3\x76\xae\x4e\x22\x57\xfe\xf0\x63\x06\x44\xc6\x84\x25\xe3\xa7\xd9\x5c\x5f\xe7\xbb\x72\xdd\x11\xde\x2b\x05\x4b\x7d\x66\xa5\xdf\x2d\x58\xe9\x2b\xfc\x66\xa6\xca\xab\xee\xe0\xdf\xa8\xc5\xa7\xa5\x55\x1f\xf5\x8b\xb3\x7e\xf4\xcf\xeb\x4e\xaa\xea\xe5\xe8\x47\x88\xff\x60\x38\x71\x4f\x2e\xe6\xd7\xb3\xaa\xba\x59\xbe\xf2\x2e\xfe\xaa\x7b\xf8\xab\x8b\xbb\x1c\x14\x6e\xdf\x9f\x5b\x99\x85\xbb\xff\x27\x38\x10\x15\xee\xea\xae\xbc\xa0\x5e\xbb\x4b\xbc\x2a\x7d\xc5\x8d\xe1\x13\xee\xf4\x6e\x74\xad\x7d\x92\x87\xba\x39\xdd\xca\xd5\x42\x3b\xd3\x3a\x3b\xad\x5c\xe4\x7c\x5e\x6c\x6a\xdf\x77\xd9\xa8\x66\x76\xbc\x43\x57\x23\x82\x8e\xce\x4e\x93\x3b\x43\xd5\xae\x51\xbf\xbe\x9d\xfa\x88\x60\x7b\x84\x2a\x6e\xba\x3f\x3a\x3b\xbd\x39\x3b\xb9\xfa\xf3\xfc\xe2\xcb\xcd\xd1\xf9\xd9\x1f\xa7\x9f\x9a\x0c\x77\xba\x39\xfd\x42\x1e\x4d\xa3\x5e\xad\x7f\xeb\x3f\x21\xd5\x72\x2a\xb4\xb9\x7e\xbc\x5e\xe6\xd9\x2f\x57\x74\x52\x86\x70\xd0\x96\x36\xf8\xc6\x33\xab\x66\xa6\x70\xa9\x37\x69\xba\xf0\x34\x96\xba\x0b\xbf\x36\x1f\xed\xea\xfb\x74\xbe\x54\x3b\xd8\xcc\x7e\x37\x7d\xa1\x5d\x53\xdd\xa2\x3f\xd3\x3d\xf7\xd5\x83\x3f\xa9\xef\xea\xeb\xaa\x75\x24\x7f\x1f\xe7\x9c\xbe\x57\xcd\x51\x7c\xab\xf7\x3f\x34\x1d\xc5\x60\x79\xdf\x03\xcb\x3b\x58\xde\xc1\xf2\xbe\xd6\x96\x77\x79\x51\x37\x58\xdd\xc1\xea\x0e\x56\x77\xb0\xba\x83\xd5\x1d\xac\xee\x60\x75\x07\xab\xfb\x04\x57\xf2\x17\x36\xb5\xb7\x71\x24\xd7\x2a\x02\x16\x7a\xb0\xd0\xa7\x89\xc1\x42\x8f\x92\xbc\xc0\x42\x0f\x16\x7a\xb0\xd0\x6b\x19\x83\x85\x5e\xfe\xc0\x42\x0f\x16\x7a\xb0\xd0\xaf\xb1\x85\x7e\x7f\x36\x03\xfd\x7c\xe2\x13\xd6\xd0\x14\x3b\xef\xf0\x9d\x09\xa7\x14\x19\xc0\xc3\xc9\x80\x0a\xf5\x28\x4e\xca\x79\x1a\x71\xd4\xd5\x29\x6a\xc4\xcb\x11\xed\x73\x36\xe4\xcc\x66\xc7\x99\x68\xc6\x69\x64\xc5\x29\xd9\x44\xee\x68\x68\x93\x43\xc7\xe1\xdb\x42\x45\xe5\xdb\xc4\x88\x33\x93\x0d\xa7\xb1\x09\x67\x92\x05\x07\x0c\x38\x2b\xe0\x36\xd9\x76\x15\x81\xeb\xa4\xfe\x5b\x75\xc3\xcc\x6a\xda\x5f\x1a\x58\x4a\xe6\x69\x1a\x99\x3f\xff\x95\xb0\x12\x6c\x57\xf2\x59\xed\xf6\x7a\xdf\x8a\x93\xb0\x92\x15\x6b\xb7\x2a\x97\xbd\x9d\x6f\x7a\x57\x4f\x36\xb7\xe4\x76\x87\x25\xd3\x4f\x67\xe3\xba\x93\x19\x79\xe4\x5f\x45\xeb\x8e\x4a\x53\x63\xb2\xd1\x77\x99\x09\x6f\xe5\x9c\xeb\x50\x2c\x21\x6f\x19\x6a\x6a\x6b\xc9\x0b\x17\x30\x97\x80\xb9\x04\xcc\x25\x6f\xc2\x5c\x62\x3c\xc0\x46\x15\x56\x7f\x05\xab\x43\x82\x12\x65\x51\xe9\x5a\xe8\xba\xf3\xd0\xef\xf6\xb7\x04\x77\x71\x36\x15\xab\x29\x38\xab\x19\x69\x9a\x7d\x55\x20\xbf\x31\x70\x02\x4f\xe0\xe3\x51\x7c\x0d\x81\x87\xfd\x06\x64\x38\xf5\x15\xae\x2d\x88\x44\xb6\xd3\xae\x00\x53\xdb\x72\xac\x4a\x5a\x89\x85\xc2\x7c\x1a\x59\x85\x9b\xf0\xa6\xe1\xfe\x01\x1b\xda\xdb\xb2\xa1\x2d\xdc\x13\x4f\x19\xe9\xf8\x33\x75\x43\x45\xe2\x46\x3b\x23\x81\x5b\xc2\x68\x37\x23\x83\x9b\x31\x9b\xa9\x4e\xde\x2b\x2a\x34\x3b\x71\x74\x15\x89\x9b\x4c\x0e\x9b\xbc\x96\xa7\xef\xa5\xaa\xcc\x8f\xb8\xcd\xb4\x5f\xab\x1c\xc5\xf5\xe5\x79\xfb\x12\xdf\xbe\x71\x9e\xb7\x9a\x41\x45\x95\x44\x6f\x45\x22\x78\x04\x4c\x6f\x6b\x79\xd1\x5b\x23\x32\xb8\xd9\x04\xeb\x8c\xc2\x6d\x51\x5c\x6f\x8b\x8f\x7c\xa9\x63\xfc\x32\x76\xca\x1b\xa1\x83\x83\x8b\xdf\x66\x9a\x25\x2d\x89\xe1\x2a\xe1\x7d\x3e\xcc\x70\x15\xd9\xb7\xa4\x86\x9b\x17\xc6\xac\x02\xb0\xcc\x69\x2f\x30\xcb\x06\x60\xc1\x2d\x4c\x75\xf6\x77\x28\x59\x96\x5c\xf3\x8c\x84\x32\xef\xde\xb9\xc4\x41\x23\x12\x12\x95\xa4\xdf\x45\xa7\x3e\xa2\xa1\x43\x42\x14\x51\x34\xc6\xf7\x04\x89\xab\x52\xd0\x37\x59\x1c\x72\xa8\xf8\x3a\x4c\x4a\x40\xd1\xc8\x65\x69\xd6\x48\x08\x4b\x12\x91\xb0\x2b\x33\xdc\xea\x26\x84\xf1\x5c\xc7\xe8\xab\xa7\xdb\x5d\xf4\xa7\xeb\x79\xe8\x96\xa0\x28\xf6\x65\x9c\x41\x48\xb0\x27\xae\x05\xe0\x48\x7f\x7c\x76\x89\xc4\x24\xe4\xaa\xa2\x27\xd4\x42\x8b\x4f\x58\xae\x49\xb8\x0c\x45\x71\xc8\xbf\xa2\xbe\xc8\x6f\x61\x17\x00\x55\x6e\x6c\x2f\xe3\x90\xab\xa4\x7d\xbe\xa5\x4d\x1f\xe6\x76\xbb\xbd\xf5\xb8\xfc\x47\xe9\xec\xa1\x31\xaa\x2b\xb9\xab\xc7\x92\xd7\xff\xe4\x2f\xfc\x59\xcd\x83\x2b\xc3\xa6\x34\xa0\xce\xa1\x1f\xb9\xc6\x7d\x69\x10\x92\x3b\x12\x4e\xb7\x31\xb5\xd0\x4f\xe2\x0e\x47\x91\xb8\x37\xa5\x60\x9e\xa1\x4e\x52\x1c\xdf\xb0\x96\x36\x1d\x62\xd8\x0c\x24\xe5\xc9\xaf\xc1\x6e\x36\xdd\x44\xaa\x11\x37\xef\x41\xb3\x1d\x98\x79\x03\x9b\x6e\x61\xb9\xdc\x4c\xa7\x8c\x6e\x79\x97\xbf\x88\x06\xd4\xa3\xc3\xc7\x2f\xa2\xc4\xdc\x24\x19\x51\x16\xe5\x4f\x53\xc0\x0a\x90\x2b\x6f\x79\x56\x00\xf3\xb6\xbe\xd1\xc5\x57\x75\xd7\x5e\x2d\xd1\x32\x50\xb4\x02\x5b\x45\xbd\x48\x2a\x7e\xfa\x26\xdc\x64\x77\x2d\x0b\xe7\xac\x60\xb9\x23\xcf\x1f\x3c\x4c\x38\xcb\xae\xb8\xcd\x49\x59\x23\x1a\xda\x20\xde\xa1\xab\xf3\xe3\x73\xae\x20\x45\xca\xa8\xa0\x4e\xae\xd1\x4f\xbe\x11\xff\x49\x7e\x7b\x20\x28\x90\x41\xaa\x0e\x8a\x46\x24\xab\x15\xba\xa3\xa1\xdc\x98\xe7\x33\x54\x5a\x02\xdb\xe0\xc9\x7d\xc4\x48\x94\xd8\x39\xd0\x47\x99\x39\x97\xe1\xf7\x84\x04\x52\x48\x67\x19\xe6\x8d\xcc\xef\xd0\x30\xc6\x21\xf6\x23\x42\x1c\x64\x7b\x98\xb1\x2e\x3a\x8a\xc3\x90\xf8\x91\xf7\xb8\x51\xfc\xf6\x0e\x7b\x1e\x43\xae\x1f\x51\x5e\x6c\x3e\x9f\xeb\xce\x6d\x1c\xb2\x88\x8b\xc0\xeb\x0e\xb2\xb9\x84\xe5\x0d\x65\x22\xa9\xe8\x4b\x8f\x44\xc8\xa1\x84\xf9\xbf\x45\xe8\x16\xdb\xf7\xf4\xee\x0e\xdd\x85\x74\xcc\x7b\x2d\xc2\x61\x24\x04\x7c\x94\x33\x22\x2c\xff\x82\xab\x99\xae\x4e\xb2\x47\xc4\xbe\xdf\x2c\xcd\x1b\x94\xde\x2c\xd2\xef\xf5\x76\x77\xf2\x2f\x5e\xd3\x45\x4a\xe9\x77\xa6\xb6\xef\xf7\xf6\xfb\xcd\x9a\xfe\x0e\xfd\x24\x28\xa0\xf2\x28\x37\xa0\x0e\x12\xd3\x23\x0e\xc4\x62\xe0\xb3\xe9\x4b\x76\x3f\xea\x18\x0b\x23\x96\xd2\x96\x11\xf6\x9d\x7c\x4e\xd4\xf7\x1e\xf9\xf2\x88\x03\xf1\x65\x56\x45\x51\x2a\x92\x17\x81\x22\xea\xdb\x5c\x9b\xc5\xd1\x6f\x0c\xa5\x9a\x5c\x77\xe2\x70\x6c\x37\x1c\x0d\x43\x40\x8f\x23\x6e\x73\xfd\x58\xbe\xde\xb5\x5b\x48\xe7\x33\x8b\xf7\xdf\x47\x3e\x75\xb6\xf3\xef\xd4\x2d\x4b\x8e\x1b\x7e\xdc\xac\x84\xc9\xd4\x3a\x94\x3c\xa8\x70\xb7\xb8\x38\xff\x76\x72\xf5\xf9\xe4\xfb\xe5\xcd\xe0\xfc\xe2\x4a\x6f\x98\x76\xee\xdc\xdb\xdd\xd5\x45\xc7\xc4\x2b\xd6\x0a\x95\xd6\xaf\x46\xf3\xa8\xb8\x0a\x52\x9b\x25\x0d\xef\x5a\xab\xc9\x33\xb2\x83\xba\x7c\xeb\x2f\x5d\x93\xad\x2b\xe5\xdb\xfc\xd6\xb5\x09\xe7\xee\x95\x23\x94\x3f\x3b\xaf\x48\xa6\x5d\x71\x94\x0f\x04\xcb\x84\xd2\xf1\xd9\xe5\x37\xcc\xfe\x2a\x09\xa5\x39\x40\x5a\xa9\x54\xb4\x6e\x90\x56\x5e\x82\xb9\x45\x61\x21\xdd\xc4\x9a\x7b\x2e\xc7\xe1\x98\x2f\x32\xe1\x07\xb3\xcf\x78\x77\x24\x5d\x62\xf9\xd8\xf7\x1f\x73\x1f\x28\x71\x76\x2c\x13\x14\xcc\xb5\x7c\x39\xe6\xfe\xba\x2f\xac\x69\x6c\x8f\x88\xc5\xdc\x7f\x13\xbe\xe2\x7b\xf9\x97\x1e\x1d\x5a\x77\xd8\x76\x3d\x37\x7a\xfc\x98\xcf\xc6\x92\x48\xf6\x71\xb3\x8c\x28\x9b\xfd\xad\xf7\xdd\x5e\xb7\xd7\xed\xbf\x53\x6b\x27\xbb\x51\xb9\x70\x63\x74\xf2\x4a\xee\xd6\xca\x6f\x2b\x0a\xac\x2e\x23\xd9\xab\x55\x5c\xa4\xac\xe7\xa3\x5f\x1a\x5d\xce\xce\xf8\x85\xba\x59\x7a\x52\xe1\xfa\x84\xad\x85\xab\x95\xb9\x11\xf2\x1d\x62\x84\x1c\x88\xf5\xc9\x0e\x36\x37\x87\x6e\x34\x8a\x6f\xbb\x36\x1d\x6f\x66\x1b\x05\xfd\x9f\x2e\x63\x31\x61\x9b\x5b\x1f\x7a\xbb\xbb\x42\x4a\x3a\x24\xc2\xae\xc7\x26\x69\xa6\xd3\x39\x3f\x6e\xe5\x34\xa6\xf9\xc0\xde\xc4\xa5\x95\xe4\xc7\x5c\x87\xd8\xb8\xee\x8c\xf0\x52\xa6\x98\x17\x0e\x1a\x04\xc0\xda\x63\x5f\x09\xfc\x2a\xd1\xcf\x0a\x78\x6f\x7d\x54\x3a\xed\x46\xba\xd2\x0e\xc4\x4a\xdb\xd0\xf6\xad\xea\xcc\xac\xcb\x1e\xec\x6e\x19\x84\x36\x76\x37\x0e\x4d\x19\xab\xb1\xd6\x32\x9e\x3e\xd7\x46\xea\xc8\xce\x2c\x22\xbe\xd5\x2a\x32\x2f\x17\x94\xed\x48\xd2\xe5\x55\xbe\x62\x93\x43\xc0\x31\xe5\x3b\xa5\x98\x91\xf4\xa8\xf6\xf8\xec\x32\x55\x0f\xeb\xce\xfd\x17\x7c\xe3\xe5\x8a\xde\x4d\xa9\x96\xff\xda\xdf\x4d\x59\x33\x76\x5a\x8c\xd6\x94\xa3\xa7\x3e\x49\xe4\xff\xf7\x80\x45\x21\xc1\x63\x41\xb5\x25\xda\x9b\x08\xfa\xb8\xfc\x26\x0d\xeb\xf9\xe7\xd3\x93\xb2\xe7\xba\xa9\x3d\xd7\x90\xd3\xf3\xb3\xb0\x14\xff\xdd\x7d\x7e\xde\x48\x68\x04\x9e\x9e\x82\xd0\xf5\xa3\x3b\x74\xdd\xf9\x1f\x7f\x5d\x77\x50\x97\x3f\x12\x6f\xfe\x95\x3f\x68\x4a\x6a\x78\x19\xc5\xb7\x72\xb9\x27\x35\x63\xd9\x93\x2c\xd0\xe8\x09\x7d\x22\xd1\x17\x89\x52\xfa\x27\xa5\xef\x4b\xf7\x1c\x69\x6e\x62\xfb\xf5\x5e\x62\xf9\xa0\x9e\x15\x70\x15\x03\x3f\xaf\x62\xa2\xd7\x6b\xe1\x05\x3f\x2f\xf5\x03\x3f\x2f\xf0\xf3\x5a\x61\x3f\x2f\x70\xe2\x02\x27\xae\x15\x72\xe2\x02\xdf\x2d\xf0\xdd\x7a\x03\xbe\x5b\x35\xc1\xf7\xe0\xc6\x05\x6e\x5c\xe0\xc6\x05\x6e\x5c\xe0\xc6\x05\x6e\x5c\xab\xbe\xc9\x07\x37\x2e\xf5\x03\x37\x2e\x70\xe3\x02\x37\x2e\x70\xe3\x4a\x72\x02\x37\x2e\x70\xe3\x02\x37\x2e\x70\xe3\x02\x37\x2e\x70\xe3\x02\x37\x2e\x70\xe3\x02\x37\x2e\x70\xe3\xca\xba\x0d\xdc\xb8\xd6\xce\xa8\x5d\xce\x1c\xdc\xb8\xc0\x8d\x6b\x06\x37\x2e\xb5\xfa\x65\x9d\xdb\x13\xf3\xb7\xbc\x0e\xb5\xfa\x4c\xd2\x30\xa0\xaa\x6a\x4a\xe1\x39\x50\xa7\x7a\xbc\x00\x4b\xf1\x87\xd3\x70\xde\xd4\xfd\x15\x85\xb4\x20\xf2\xcf\xd7\xba\x6e\x32\x4e\xdf\x81\xed\x7a\xce\x12\xad\xe1\x5b\xff\xfa\xfa\x4c\xdd\x93\xf9\x2e\x4c\xcf\x14\x2d\x1c\xb8\x5a\x0d\x88\x1f\xa9\x23\xfb\xb4\x2e\x2f\xdf\xad\x46\xe7\x89\xea\x53\xef\x62\x2d\x12\x6f\x88\xe2\xbd\x03\xd9\x9d\x03\x79\x99\x99\x5d\x94\xa0\xdd\x6e\xa0\x5f\x41\xc0\x32\xd0\xcc\xee\xb8\xcc\xee\x23\xd0\xae\x53\x48\x6e\x40\x48\x6f\x3f\x30\xd5\x41\x77\x69\x30\xd5\x46\xf3\x68\x68\x51\xd0\x8c\x1d\x5c\x37\x73\xab\xfa\x79\x11\x8b\xbc\x58\xc8\x42\x66\x63\xad\x23\x01\x0e\xdc\x90\x0c\x5d\x71\x8c\x5b\xbd\xda\x0f\x07\xa7\x75\x5a\x8b\x4a\xdd\x55\x75\x4a\xbb\x40\xd3\x02\xa4\xda\x21\x65\x45\x55\x03\xea\x54\x9e\xa1\xec\xef\x62\x09\x62\xc2\x24\x42\x5a\x55\x99\xeb\xfa\x82\xcf\x9a\x5c\xde\xbb\xc1\xd5\xd7\xcb\x1f\x24\x74\xef\x1e\xb3\x63\x07\x91\xd7\x20\x74\x69\xe8\x46\x8f\xdf\x5c\xdf\x1d\xc7\xe3\xf4\x24\x51\xe5\x97\xbc\x56\xcf\x67\x73\xc0\x98\x01\x39\xda\x51\xdb\x34\x2f\xa8\x4a\x89\x2c\xcd\x48\xfd\xc4\x59\xb9\xcd\x29\xff\xbe\xcc\xa5\xe1\xe9\x29\xf7\x6a\xca\xc3\xf7\x62\xd1\x55\xfe\x04\x05\xa7\x83\xc6\xce\x05\x49\x9d\x26\x1d\xec\x57\x4f\xcf\xba\x43\x7f\x53\x7a\x70\xc9\xce\xff\x56\xe0\xb4\x76\x35\x5d\x27\x4c\x7b\x49\xf3\x04\x5c\x5d\xef\x70\x73\x7d\x35\xf3\x10\xea\x7e\x93\x49\xe4\xbe\x4e\x98\x87\x50\xed\x8d\x12\x87\xde\x4f\xfc\xa8\xcd\x07\xe3\x6d\x9c\x55\xe5\x6a\xdb\x07\x8d\x7d\xbc\xd7\xdd\xce\x91\x8f\xa3\xf4\x3e\x4e\x8f\x44\x56\x22\x38\xac\x48\x37\xdd\xe9\x29\x52\xaf\x15\x61\x2b\x25\x8c\x59\xd1\x63\x40\xd8\x47\x71\x9b\x83\x8f\xbd\xd3\xc1\xf5\x64\xb3\x4e\xb5\x29\x56\xa8\x46\x1f\xb5\xe9\xcd\xe2\xf1\x18\x87\x8f\x37\x38\x70\x0f\x12\x6b\xa4\xd9\x3a\xf3\xff\xab\x2a\x7e\xe6\xa9\xa4\xd1\x3b\xee\xf5\xb6\xf6\xd4\xe3\x81\x3c\xc3\xda\xda\xed\xc9\xc7\x31\x23\x79\xc9\xa5\x7d\x92\x74\x43\xc1\x74\x6e\x32\xe9\xea\xcb\x43\xad\x8e\x73\x71\xce\x5f\xb4\x57\x23\xcb\x4a\x56\xc7\xc7\x74\x69\xe8\xd9\x34\xf7\x75\x9c\xb3\xe8\x33\xda\x32\xbe\xe5\xb3\x6b\x62\xd2\x28\xd7\x40\x37\x5a\x48\x8b\xc3\xce\x8e\xd9\xe4\x20\x96\xb6\x88\x0d\x18\x64\xe9\xd4\xfe\xd8\x1f\xba\xfe\x2f\xd7\x1f\x8a\xd9\xf6\xd0\xef\xf6\x77\xe5\xfe\xd8\xdc\x47\x67\xd9\x85\x15\x86\x5e\x4a\xb2\x11\x79\xce\x70\x89\x98\xf8\x5e\x59\x94\xe3\x30\xbd\xe2\x5f\xeb\xf2\x42\x49\x85\x4e\x17\x1d\x56\x48\x92\x5a\x46\x26\xcc\xa8\x2a\x90\x2d\xce\xa1\x69\xda\x15\xd9\x41\x62\x23\x2b\x5a\x71\xe6\xd5\x75\xb1\xd3\xb4\x08\x21\xab\xda\x98\x3f\x5a\x29\xa5\x72\x08\x93\x22\x55\x8d\x70\x7e\x9b\x51\xd3\xf4\x59\xcd\x2e\x0d\xea\xa4\xec\x82\xa1\x48\x3d\xdb\xe5\x80\x9a\xff\x7a\x26\xff\x7c\x27\xa0\xae\xaf\x8b\x44\xed\xba\x3f\x94\xbb\x52\x90\xff\xc5\x88\x1d\x92\x68\x49\xb7\x01\x9a\x4b\x99\xe1\x26\x43\x7d\xca\x55\x66\x3c\x55\x5b\x8a\x3b\xfc\xe4\xb9\xba\xe7\xc5\xf5\x87\xc9\x76\xad\xa6\x7a\x6a\xcc\xf5\xde\x77\xc4\xe5\x6b\xac\xb2\xcb\x67\xa9\x73\x75\x55\xc4\xcc\x78\x20\xbe\xb9\x54\x31\x97\x64\x94\x83\xf6\x24\x58\x6e\x17\xd5\xde\x14\xa9\xa2\x3b\x66\x34\xed\x35\x58\x9d\xa1\x66\xd0\x30\xe3\xc4\xfc\x97\x6c\xcd\x82\x2c\xdb\xac\xe6\xba\x7c\x8a\xb5\x49\xd2\x08\x71\x9b\xa6\x7b\x97\x1c\x1f\x31\x14\x51\x9e\x63\xdc\xeb\x6d\xdb\x42\x5f\x70\xa9\x6f\xb9\x8e\x78\x40\x2c\xf9\x3c\xc3\x39\xcc\x98\x7c\x93\x4d\x8f\x77\xe8\x33\x09\x85\x2a\x52\x48\x9c\x06\x1b\x59\x9e\xb4\x61\xea\x59\xca\x9e\x2f\x65\x75\x35\x72\x19\x1a\x61\x51\xab\x5b\x82\xb0\x83\x83\x88\x38\x5c\x3d\x7e\xa4\x31\xb2\x47\x42\xde\x12\x37\x1a\x91\x30\x8b\x22\xc8\x3e\x17\x5e\x92\x1e\x8e\x7d\x7b\xe4\xfa\x43\xe1\xc7\x55\x40\xea\xb4\x52\x5d\xbd\x43\x2b\xeb\xac\x66\x48\xa7\xc1\xc2\x8e\xd3\x3b\x4b\xe6\x31\x6c\xc5\xa2\xb2\xb5\x3c\x4d\xee\x05\x09\x62\x6c\xc7\xe2\x4c\xec\xe5\xe5\x68\xf9\x2e\xc3\xd6\x6d\xf2\x4d\xed\xda\x9c\x8f\xa5\xdd\x04\x09\x2d\x43\xb0\x26\xe9\x21\x0b\xd7\x44\x9a\xf7\xb1\xa6\x90\x14\xba\x7a\xbe\xd6\xe1\x1a\x35\x68\x89\x9d\x5b\xb7\x27\x2b\x9a\x25\x6b\xef\x49\xad\xc2\x8a\xfa\x19\xda\xe6\x5a\x1d\xd3\x76\xa2\xda\x7c\x68\xb8\x72\x69\xee\x46\xc4\x92\xa1\xd0\x54\x45\xf5\xc6\x18\x1e\x14\x84\x74\x4c\xa2\x11\x89\xc5\xec\x95\xbb\xc7\xdf\xf8\xfe\x7d\xe7\xb7\xaa\x44\xcc\x0e\x71\x40\x0e\xd0\x6f\x7c\xdb\x9e\x8f\x18\x52\x25\x81\x09\x72\x05\x4c\x90\xf2\x79\xe5\x85\x7a\x72\xde\x1e\x9f\x5d\x4a\x2b\x58\x66\x25\xd1\x9c\x54\xa4\xb3\x69\x31\x41\x3a\x3d\x57\xd3\xc8\x39\x69\x3b\x2b\x53\x99\x4c\xa1\x93\x51\x2c\x57\xae\x7c\xf0\xc2\x96\x52\x65\x7e\xf4\x09\xea\x1e\x7a\x81\xeb\x13\x69\xef\xe4\x0a\x45\x56\x47\xbe\xec\x8e\x4c\x26\x55\x93\xa5\x93\x8d\xf4\xbf\x2c\x3b\xf7\xee\x91\xd9\x91\x87\xac\x9f\xc8\x27\x51\xd7\xa6\x21\xe9\x32\x3a\xc6\xbf\x6c\xea\xfb\x1f\xb7\xb7\xde\xef\xed\xff\xef\x42\x1a\x37\x78\xd8\xe9\xba\xc1\x8d\x70\xd7\xbe\xe1\xf8\x72\x23\xa6\xc0\xc7\xeb\x4e\xbf\xb7\xb5\x83\xf6\x76\x77\xb7\x73\xbe\xe6\x99\x9b\x9f\xd6\x9e\x29\x2e\x04\x4e\x0f\x40\xed\x48\x73\x13\x9f\xe6\x02\xda\xb2\x3d\xd2\x60\x9e\xce\x0c\xd4\x75\x62\xa8\xdc\xc8\x53\x99\xae\xd4\xca\x92\x37\x9f\x2c\x62\xb3\x49\xee\x28\x47\x5d\x71\x2b\xef\x29\x4f\xe6\xf3\xc7\xbf\xff\xcf\xdc\x55\xb6\xff\x6b\x33\x49\x38\x8a\xa2\x20\x49\x5d\xce\x2e\xe3\x1f\x29\x65\x50\x61\xa5\xcb\x7f\xaf\x9b\xbc\xea\x32\x2b\x9a\xc6\xf2\xb9\xe8\x56\xad\xba\x5c\x8a\xd6\xaf\x7c\x2e\x9a\x28\x14\x96\x76\xf7\xd7\x47\xd1\x86\xae\xea\xd7\x3c\xea\xea\xdf\x9b\x10\xec\xe4\x57\x14\xe2\xc3\x70\x98\x37\x45\x27\x65\x25\x30\x26\x60\xc9\x27\xfc\x23\xbe\x38\x75\xfb\xb4\x81\x0d\xa4\x04\x33\x28\x7f\xd4\x50\xbd\xd6\x27\xcd\x72\x84\xf4\x8b\xfe\x0d\x12\xca\x09\x69\xf1\xa6\x4a\xd9\x96\xc3\xaf\x5f\xcb\x8f\xb1\xe3\x18\x13\x9f\x9d\x5c\xdd\xfc\x7e\x7a\x76\x7c\x73\x79\x72\xf1\xe3\x34\x7f\x63\x32\x42\x61\xec\x1f\xb2\xef\x8c\x84\x07\x68\x7b\xbb\xd8\xc4\x72\xc3\xf3\xa1\x2c\x48\x0f\x67\x31\x5c\x02\x8d\x6a\x6e\xe9\x45\x75\x17\x33\xa3\x46\x17\x42\x9b\x8a\x2f\x5d\x0a\xbd\x90\x3a\x28\x7b\xbb\x14\xbb\x62\xd6\x9d\xf8\x0f\xac\x10\xfb\x9e\x3e\xcf\x94\xca\xfe\x56\x05\xe7\x4c\xd1\x91\x36\x6b\x18\xc7\x82\xc2\xac\xc9\xbb\xd8\xee\xf7\xaa\x3e\x63\xb5\xdf\xa5\x27\x13\xf2\x57\xed\xab\x6d\xf2\x75\xde\xce\x27\x30\xbb\x73\x17\x02\x5b\xfe\x5d\x7a\xab\x5c\x84\xb7\x8a\x2e\xdd\xd5\x4e\xdd\x15\x6e\xdd\xfd\x62\x4c\x38\x09\x5d\xea\x54\xbe\x9e\xe0\xda\x5d\x76\x0c\xef\xe7\x15\xe5\xca\x58\xbd\xd5\xea\xaa\x05\xf4\x82\x36\xe3\x7f\x68\x51\x08\xf9\xc9\x5c\x88\x4f\x28\x2e\x09\xfd\xc3\xca\xa5\x51\x2a\x48\x2b\x23\x0b\x5c\x36\x67\xad\xe5\xba\x9f\xcb\x74\x66\x77\x9b\x2a\x01\x5d\x3e\xea\xaa\x4a\xd9\x60\xfb\x9b\xb9\xd9\xf4\xdb\xec\x86\xab\x4a\x9c\x6e\xe3\x5a\xad\x8a\xc0\x06\x33\xff\x5b\x99\x0d\x66\x44\x42\x41\xd6\xe6\x52\xff\x53\x88\x6d\x32\xc8\x2f\xff\x2c\xf4\x65\x75\x5d\x4a\xea\x15\xe0\x77\xe8\xd0\x7f\x94\x1a\x3b\x72\x19\x87\xb7\xb1\xcb\x18\xbe\xf5\x08\xc2\x0c\x79\xd4\x1f\x22\xac\x0f\x84\x64\xd8\x89\x64\xc8\x31\x43\x18\xed\xf4\x76\x50\xc0\xbf\xc6\x11\xda\xd4\xd3\x6d\xe9\xe9\xb6\x7a\x3d\x44\x7d\x84\x53\x30\x4e\xcd\xbe\xa6\xbd\x91\xda\x36\xfc\x2e\x2b\x3b\xb7\x28\xd0\x82\x04\x48\x03\xba\x8b\x18\xde\x26\xf8\x69\xbb\x69\xf0\xd3\xc4\xb0\x9e\x7c\x45\xcc\x31\x3a\x46\x26\x81\x62\x1c\x8e\xfc\x55\xc5\xed\xd4\xd3\x0b\xd4\x66\x32\xa5\x53\x49\x7b\xd8\x6e\x0e\xfe\x29\x70\x96\xbd\x44\x92\xde\xd4\x3d\x42\x92\x3e\x2e\xe0\x7f\x4d\x01\x15\xee\x23\xfb\xe0\x3d\x02\xde\x23\xe0\x3d\x02\xde\x23\xab\xea\x3d\x02\xee\x21\xe0\xff\x01\xfe\x1f\xe0\xff\x81\xc0\xff\x03\xfc\x3f\x10\xf8\x7f\x80\xff\x07\xf8\x7f\x80\xff\xc7\x6b\x33\xcf\x81\xff\x07\xf8\x7f\x80\xff\x47\xfa\x14\xfc\x3f\xc0\xff\x03\xfc\x3f\xc0\xff\x03\xfc\x3f\x10\xf8\x7f\x80\xff\x07\xf8\x7f\x80\xff\x07\xf8\x7f\xc0\x06\x13\xfc\x3f\xc0\xff\x03\xfc\x3f\xd2\x8c\xc1\xff\x63\x0a\xff\x0f\xea\x10\xb1\xc9\xd7\xb9\x43\x26\x73\x6b\x4e\xef\x19\xc0\x11\x4c\x16\xb8\x22\x77\xce\xb5\xbb\x49\xaf\xfe\x76\xce\x84\x95\xb5\x4d\xbb\x56\x8d\xa0\x37\x61\x8a\xcd\xb1\xda\x4c\x4f\xb0\x9b\x9f\xa7\x32\x59\x7b\xd2\x5d\x73\x3e\x93\xe9\x83\xa7\x26\xeb\x9d\x7a\x9e\xb6\x19\x8b\xb4\xcc\x23\x1a\x92\x3b\xd7\x23\x1a\x61\x6e\x91\x4b\xfb\x60\x77\x1b\x3d\x65\x20\x46\xc2\x90\x86\x3a\xf9\x15\xb6\x47\x44\x4f\x90\x82\xbe\x54\xdc\xd1\x87\x0f\xfb\x3b\x05\x50\x97\x3f\x87\xf8\x2e\xf6\xe4\x7b\x0d\xd6\x73\xd7\x26\x79\x14\x6b\xa2\xd5\xa3\x54\xdb\x65\xde\xba\xbe\x23\x64\xdb\xe0\x50\x72\x5e\x3d\x3f\x57\x13\x35\xcb\xdf\x1d\x0d\x7f\xe2\xd0\x41\x5d\x74\x73\x33\x38\xfd\xfa\xf5\xf0\xe2\xe6\xe6\xe8\xeb\xf7\xcb\xab\x93\x8b\x9b\x9b\xe3\xb3\xcb\x9b\x1b\x53\x4b\xee\x68\x68\x93\x9b\x1c\x43\xbf\x7e\x7b\x40\x7a\xd8\x81\x0e\x3e\x6c\xe9\xfc\xfe\x52\x46\x16\xaa\x78\x90\x97\x4a\x2a\x23\xfd\x92\x83\x46\x1d\xbe\xdd\x7b\x35\xdd\x94\x74\x81\xba\xb5\xe1\x8d\x36\xbf\xbb\x9a\xed\xfe\x3e\xb8\xbc\xba\x38\x39\xfc\x76\x23\x0c\x73\x27\x17\xf3\x6f\xfc\x8c\x87\xb8\x53\x8b\xf5\x04\xb3\xcb\x39\x2c\xe3\xea\x55\xc3\x61\xef\x52\xae\x29\xcd\xdd\x48\xda\x9f\x9a\x14\xb5\xdc\x69\x93\x36\xf0\xe5\x1d\xfc\x84\x31\xc8\xed\xe0\x03\xc5\x7b\x7b\xe4\x61\xc6\xce\x34\xae\x62\x4b\x7c\x9a\x5c\x4b\xda\x44\x83\x94\x19\x1a\xcf\xf3\x0a\xb5\x28\x1b\x97\xc1\x90\xd0\xd2\x90\x60\x38\x4e\x5e\xcd\x53\xe0\x69\xae\xda\x30\x5b\x28\xa6\x30\x28\xc8\x39\xcc\x01\xfe\xda\xb0\x77\x3f\x4b\x76\x4a\x0d\xaf\x95\xac\xdb\x8f\x6e\xed\x56\xec\x47\x77\xf5\x3d\xad\x38\x4a\x44\xff\x44\xd7\x1d\xb9\x1c\xdc\x40\x5e\xa4\x9e\x17\x27\x1b\x66\x71\x22\x52\x8a\xb3\x36\xf9\x4f\x71\x85\x4f\xa2\x67\xaa\xb7\xc9\x76\x85\x3d\xd8\xf2\x49\x79\x23\xd3\x41\xda\x95\xb3\xd3\x1c\xc3\xae\xd3\xbd\x4e\xa5\xec\xf2\x52\xb2\xfd\x85\x34\x6d\xad\x3a\x7c\x9d\x1e\x14\xd4\x85\x7c\x8a\x9c\xdd\xa7\xf0\xca\x68\xf6\x99\xed\x66\xa3\xca\xdb\xa3\xf4\xcb\xa1\xc2\xd8\xdf\xfc\x25\xae\x16\x65\x5d\x8f\xda\xf7\xe5\x1e\x53\x6f\xad\xe2\xdb\x90\x60\xe7\xdc\xf7\x1e\x0f\xd0\x1d\xf6\x58\xce\x2d\x5a\x7e\xa8\xee\x50\x94\xd5\xd0\xbf\x2c\x5e\x4e\x65\x73\x30\xf7\x59\x39\x87\x36\x17\x5c\x15\xae\xa5\xad\xba\xf3\xd6\xdc\x1a\x3e\x76\x22\xb3\xdc\xbc\x98\xdc\x43\xd1\x63\x40\x0e\xd0\x1f\xae\x47\xce\xc3\xa3\x9c\x77\xf8\x92\xee\xd8\x9d\xd0\xd7\x75\x85\x98\x14\x06\x35\xed\x22\x52\x92\x96\x4a\x0c\xa6\x20\x54\x90\x5d\xb2\xaf\x92\xb7\xdd\x5b\xcc\x27\x84\x32\x53\xfd\x24\xf8\x81\x08\x13\xd5\x9e\x34\x51\x09\x75\x55\xb9\x2e\xa7\x3b\x79\x64\x63\x1f\xdd\x12\x2e\x29\x1c\x14\x51\x94\xf8\x36\x10\x84\xb9\x5a\x75\x67\xf1\x31\x22\x0e\xfa\x93\xe7\x86\xce\x48\x84\x5c\x9f\x45\xd8\xf3\xa4\xf7\x65\x95\xa5\xe0\xab\x08\x0f\xc8\x5a\x24\x9c\x81\x73\xe9\x78\xf5\xab\x9d\x2d\x2b\x38\xe4\x65\x9b\xfc\xcc\x9d\xb9\x5a\x65\xce\x97\x98\x6a\xe6\x59\xb1\x9a\x76\xde\xa6\xc4\x92\x32\xd8\xba\x66\x05\x05\x91\x95\xaf\x4e\x37\x29\xb0\x35\x45\x15\x14\x58\x63\x6b\x50\xa5\x5f\x24\x9a\xf2\xea\xfc\x66\xdf\xea\x9a\x06\x4a\x3c\xeb\x0b\xb3\xf8\x9f\x4f\xd7\x9d\x7b\xf2\x78\xdd\x39\xb8\xee\x38\xc4\x71\x6d\x1c\x11\xe7\xba\xb3\x71\xdd\x49\x34\x12\xf1\xea\xe4\xaf\x18\x7b\xe2\xb1\xd0\xe4\xc4\x33\x79\x59\xae\x78\x28\x8f\x4a\xc4\x53\xed\xb4\xa4\xf3\x9c\xbb\xff\xdd\xa0\xca\x57\x76\x6b\x61\x9c\x90\x59\x8b\x46\x75\x9a\x34\x9a\x55\x9b\x46\x8d\x34\x6a\xd4\x54\xab\x46\x53\x68\xd6\xa8\x99\x76\x8d\x26\x69\xd8\x28\xaf\x65\xd7\x29\xd3\xc5\x56\x17\x72\x6c\xa5\x56\xa7\x9f\xd4\x28\xd7\x69\x9a\x0a\x15\x1b\x55\x79\xc2\x21\x4d\x16\x88\xf9\x53\x2c\xb7\xec\x76\x98\x7d\xb6\x39\xa2\x63\xb2\x29\x3e\xdb\x94\xb1\x20\x5d\x36\x2a\x26\x2c\x3b\x04\xe9\x65\x7e\x3e\xbf\xbc\x32\x39\x05\xa1\x09\x4e\x39\x68\x92\x63\x0e\x12\x27\x21\x65\xc4\xae\xc8\x46\x6a\x04\x7c\xb9\x74\xf9\xb8\x9d\x95\xdc\x88\xf4\x4a\x9f\x0e\x0e\xbf\x7e\x3d\x3f\xba\xb9\x38\x3c\xfb\x54\x5d\x73\x39\x52\x89\x9a\x7e\x74\x7a\x7c\x51\x1e\x31\x94\xb9\x8a\x75\x85\x80\x1a\x60\xc6\x7e\xd2\xd0\x29\x4f\x80\xac\xf8\x3f\x4f\x0e\x7f\x9c\xdc\x0c\x0e\x2f\x2f\xff\x3c\xbf\x38\x9e\x54\x7e\x31\xdb\x8a\x1a\x94\xa6\x4b\xbe\x72\xdf\xae\xbe\x1b\x26\x65\xce\xa7\x95\x27\xe9\x19\x13\xe5\x2b\xfe\xed\xea\xfb\xa4\x3a\x7f\xbb\xfa\x5e\x5b\xd3\xca\xaa\x98\xdf\x69\x67\xb1\x65\xdf\x4d\x34\xc9\x61\x07\xd5\xf8\xe4\xa0\x54\x7f\x4f\x2f\xcb\x34\x25\x51\x1a\xa1\x1e\xa4\x57\x48\x20\xd4\xf8\xbd\xf7\xfb\x25\xe7\x9d\x46\x27\xb5\xa8\x72\x43\x9a\xbc\x33\x6e\x4b\xe5\xcf\x7c\x58\x3a\xc9\x33\x11\xd5\x6e\xff\xe4\xaf\x62\x23\x91\xfc\x72\xb8\xe3\xdc\x9a\xea\xa6\x6b\xeb\x95\xc9\x52\x5d\xd6\x77\xad\x5b\xd7\x88\xed\x7a\x3e\x7c\xbc\x36\x69\x10\x4d\xcc\x68\xab\x51\x4e\x1c\x03\xeb\xb3\x12\xfb\xf1\x26\x59\x91\xc8\xae\xce\xc9\xb9\x35\x4f\x9d\x52\x2e\x0f\x38\xdc\xf4\xdc\xdb\x4d\xf3\x07\x49\x76\x9e\x7b\x6b\x8d\x29\xd7\x30\x26\xe6\xca\x33\xab\x4c\x5a\xbf\x3f\x32\x67\x58\xb7\x33\x2a\x4c\x0b\xcb\x0f\x4a\x7d\xf2\x6a\x24\x4a\x86\x4b\x47\x67\xa7\x95\xd0\xb4\xae\xcb\x7a\x51\x33\x22\xf0\xe2\xa1\xeb\x97\xa6\x62\xad\xa2\x42\x83\x68\x33\xbc\x27\x56\x44\xa9\xc7\x36\x73\xf9\x58\xb6\xef\x1a\xd4\x96\x6c\x6c\x84\x00\xfd\x4a\x69\x70\x8b\xed\xfb\x8a\x51\x5a\x5a\xa7\x36\xc4\xb8\x02\xbc\x55\x46\x16\x25\x2f\x07\xa7\xc7\xe5\x17\xea\xd2\xfc\xaa\xab\x97\x26\xb5\x9a\x91\xaf\xae\x1f\xff\x52\x5c\x1b\x07\xe8\xa9\xe0\xf7\x5e\x3e\x04\x30\x6c\x60\xcc\x96\x5e\x54\x6b\xed\x95\xbf\x3a\xc7\xb3\x36\x5f\x97\x7c\xdd\xca\x36\xa2\xfc\x10\x55\xc8\x29\xa3\xa9\x48\xfe\x94\x7a\x90\x00\xb7\x41\x0f\x9f\x30\xfc\x93\xf3\x2e\xc9\xbb\x49\xb2\x6e\x72\x96\x65\xc1\x37\x49\xe8\x4d\xce\xb3\x24\x01\xeb\xa4\x5f\xf3\x1e\x2d\x7f\xdd\x40\x0c\x4e\xce\xbe\x52\x30\x36\x81\xc0\xc9\xd9\x57\x81\xe2\x3c\xcf\x2f\xf7\x8d\x9b\x45\x69\x9e\xbc\xd0\x0f\x32\xa7\xba\x7c\xb9\x95\x97\x58\x6e\xf5\xe7\xcc\x1c\x86\xf7\x55\xc6\xa9\xc5\x51\xc9\xb4\xa8\xde\x24\x96\x8b\xc4\x00\x65\x22\x10\xc8\xf3\x59\x14\xe9\x2b\x50\x23\x3a\x17\xd4\x9e\xe0\xa4\x7c\xed\x4c\x65\x0d\x55\xd2\x80\x8b\x05\x77\xfe\x35\xa9\xeb\x9c\xec\x4a\xe2\x2a\xae\x93\x94\x58\x05\xcd\x89\xfa\xa4\x21\x2b\x40\x9b\xd9\xa1\x11\x03\xd4\x44\xfc\xe7\x72\x6c\x44\x20\xd0\x92\x08\xa0\x20\x6d\xe7\xbf\xa2\xe6\xb1\x94\x6a\x2e\x06\x6f\xb9\xc8\xf2\xb4\x2c\x56\xb1\xf9\xd3\x50\x85\xb4\x62\x25\xa9\x9b\xd7\x4d\x39\x49\x16\xc7\x1c\x32\x9f\x21\x29\xcd\xec\xd5\x9c\xd2\x9a\xbd\xab\x78\xd4\xb4\x0f\x27\x4d\x19\xf5\xd4\xa6\x76\x81\xf6\xaa\x1d\x3a\xc1\x91\x11\x1c\x19\xc1\x91\x11\x1c\x19\xe5\x7f\x2b\x66\xe0\x83\x23\x23\x38\x32\x32\x55\x1c\x8e\x8c\xe0\xc8\xa8\x36\x2b\x38\x32\x82\x23\x23\x38\x32\x2a\xfd\xe0\xc8\x68\x8a\x4e\x85\x23\xa3\xac\x47\xe0\xc8\xa8\x79\xde\x70\x64\x64\xce\x17\x8e\x8c\xe0\xc8\x08\x8e\x8c\xe0\xc8\x08\x8e\x8c\xe0\xc8\x08\x8e\x8c\xde\xe0\x91\xd1\xdf\x10\x7a\xde\xf8\x5b\x72\x6a\xd4\x39\x40\x4f\xe2\x0c\x49\x1a\xfa\x3f\xf6\xbb\xfd\xbd\x6e\xcf\x12\xe7\x02\x9d\x83\x7c\x14\xd3\x46\x3e\xe1\x7e\xb7\x67\x85\xd8\xb7\x47\x24\xec\xc9\x73\x02\xbb\xf2\xeb\x7d\x51\xec\xdf\x44\xc9\x9d\x2f\xfb\x4c\x8d\xe7\xa9\x7f\x47\x55\x0d\x3a\xbc\x8c\x5e\x5a\x9d\x31\xfe\x75\xf1\xe5\x44\x25\xe3\x59\xf5\xba\x5b\xdd\x2d\x55\x05\xfe\x52\x16\xac\x25\xe0\xaf\xd3\xb6\x89\xcc\xba\xfd\xa4\x7e\xfd\x34\x5f\x87\x04\x21\xb1\x71\x44\xaa\x73\xcf\x92\x4c\x2e\xa3\x3f\xcf\x0a\x6f\xcd\x33\xb3\xed\xba\xcc\xb6\xbb\xfd\xfa\xcc\x78\x82\x5c\x76\x3b\xd5\xd9\xf5\xbb\xbd\x6e\x6f\x52\x76\xdb\xf9\xec\x76\xbb\xbb\xe9\xd8\x58\x13\x3a\x71\x7f\x42\xbb\xbb\x1f\x72\x79\xef\xcf\xb1\x17\xf7\xbb\xfd\x9e\xa9\x9e\xf3\x9d\x45\xfb\xdd\xfe\xc2\x67\xea\x87\x39\xf6\xca\x87\xee\xfb\x45\x55\x57\x21\x84\x4a\xa0\xe2\xe9\x33\xbc\x60\x09\x58\x6c\x75\xf9\xfc\x16\x53\xe9\x7d\xf7\x97\xc8\x5f\x4c\xb3\x5e\xf2\x74\x57\x7f\xda\x37\x3e\xdd\x32\x3e\x4d\xf3\xdd\x4b\x9e\x2a\x32\x32\xbd\xbc\xa4\x9a\x5f\x4e\xaa\xab\xd8\xd3\xb3\xda\xd6\x67\x91\x39\x57\x2d\xc9\x56\xa7\x84\x94\xc7\xd4\xbe\x27\xa1\x8e\x97\x0a\x2e\xff\x29\xba\x96\x43\x91\xaa\xaf\xf8\x63\x4b\xff\x63\x3b\xfb\xe3\x7d\xb7\xa7\xfd\xb5\xdf\xed\xed\xe5\xfe\xfa\x90\xfd\xf5\x41\xa6\xfc\x1b\x42\xff\xda\x50\xc5\xf5\x97\x5b\xdc\xd6\x8c\xc5\xbd\xcf\x15\xf7\x3e\x57\x5c\xcb\xaa\x6c\xaf\x4e\x55\x76\xf4\xaa\x2c\xa3\xc0\xdd\x65\x17\xb8\xb7\xec\x02\xdf\x2f\xb9\xc0\xfd\x69\x67\x93\x96\xc7\x87\xe5\xac\xc5\x12\x0e\xfd\x29\x9d\x01\x94\x46\xaa\x4c\x9d\xba\x0a\xb7\x9b\x4a\x04\x12\xd9\x4e\xe7\x00\xf9\xb1\xe7\xc9\x8c\xb9\x4a\x8a\x03\xb7\xf4\xcc\x23\x51\xf2\x11\xea\x60\x49\x22\x21\x65\x47\x2f\x53\x2d\x50\x07\xfb\xd4\x7f\x1c\xd3\x98\x59\x5c\x75\xe6\x09\x04\x03\x43\xfa\x3a\x8e\x46\xc4\x8f\x5c\x5b\x28\xd4\x56\x44\xef\x89\x6f\xfd\x24\xb7\x23\x4a\xef\x79\xe2\x28\x8c\x73\x69\x53\xdd\xdb\x1a\x53\x87\xeb\xc1\x9d\x3f\x55\x62\x95\xc8\x26\x61\x64\x39\x6e\xc8\x5f\xfd\x73\x70\x71\xf2\xc7\xe9\x7f\xde\x0c\x0e\xaf\x3e\xff\x2b\xb5\xb2\xa9\xca\x6f\x06\xf7\x6e\xfa\xd1\x50\x6c\x83\xac\x80\x84\xd6\x5f\x94\x95\x6a\xa9\xac\x8f\xe6\x7c\x69\x10\x6d\xda\xbe\xbb\x79\xeb\xfa\x7a\x7a\xbe\x59\x32\x7f\x20\x68\x24\x7c\x77\xd3\x27\x51\xd7\x49\x3e\x21\xbe\xe0\xd4\x92\xfc\x46\xd8\xf3\xa8\x8d\x85\x4d\x8d\x7f\xfe\xdb\x6f\x69\xaa\x07\xe2\x47\xd6\x5f\x81\xec\xe9\xe4\xe9\x1d\xc1\x51\x1c\x12\x6b\x88\x23\x22\xde\x7c\x7e\x0c\x48\xf8\x23\xbd\xd2\xe3\x23\xef\xc5\x0d\x35\x09\x3e\x7d\xbb\x3c\xfc\xa8\x77\xab\x38\x42\xb0\x82\xd8\xf3\xac\x20\xa4\x92\x46\xd4\x21\xd8\xf1\x5c\x5f\x94\xbe\xdd\x1b\x27\x49\xc5\xf6\x24\x24\x82\x92\x96\xcf\x92\x8e\x1d\xc4\x1f\x77\x7b\xbd\xf1\x86\xe4\x95\xe1\xff\xfe\xe6\x6e\x90\x60\x44\xc6\x24\xc4\x9e\xc5\x22\x1a\xe2\x21\xf9\xd8\xff\x94\xf6\xf5\x18\xdf\x13\xcb\x0d\x94\xc9\x31\x8e\x5c\xcf\xb2\x47\xd8\x15\xf3\x31\x37\xdc\xca\x80\xa3\x0e\x40\x44\x69\x7e\x9a\x4b\x48\xb0\x63\x51\xdf\x7b\xb4\x02\x1a\x46\xb9\xde\xe0\x3b\x57\xef\x41\xf4\x7f\xbe\xf3\x24\xd3\x8c\xeb\x0f\xf9\x3b\x3f\xbd\x0c\xcf\x23\x96\x22\x26\x29\xb4\x56\x31\x4e\x15\xdb\xdb\xef\x69\x0d\xde\xfa\x64\x6a\xee\x56\xd6\xdc\xc8\x63\x96\xed\x06\x23\x12\x5a\x2c\x76\xd5\xf8\x5c\x7d\xbd\xbc\x39\x39\x3a\xfe\x7c\xc2\xff\xff\xf2\xf0\xe6\xcf\xd3\xab\xcf\x37\x87\x27\x97\x37\xfd\xad\xfd\x9b\x4f\x47\xdf\x6e\x2e\x3f\x1f\x6e\xed\xee\x6d\x54\xa6\xdb\xda\xdd\x4b\xd2\x6d\xef\xef\x98\xd3\x1d\x7d\x3e\x3c\xfa\x7c\xb8\xd5\xbb\x19\x9c\x7f\xfd\x47\x7f\xbb\xb7\xab\x25\xbb\x68\x54\xe8\x45\xa3\x22\x2f\x2a\x0b\x4c\xfa\xe0\x41\x28\x8b\xe9\x5f\xe2\x58\x42\x0d\x6b\xb3\xa5\x2a\x3f\x51\x27\x61\x1c\xe2\xa4\x5a\x2b\x27\x64\x10\xd2\x5f\x8f\x19\x14\x11\x9f\xcf\x2c\xcb\x61\x61\x69\x19\x97\xd6\xc9\x9f\xae\x7f\xfe\x40\x42\x0f\x3f\xe6\x56\x84\x22\x3b\x16\xf7\xaa\x59\x1a\xb4\xa5\xce\x13\x49\x42\x51\x74\x8a\x44\xf7\x24\xf4\x89\x27\x76\xf2\x85\x96\x17\x6a\x7c\x94\x5e\xcb\x92\x43\xd5\xd4\xc1\x4f\x3d\xcd\xed\xbd\xf6\x00\xa1\x01\xa1\x01\xa1\x01\xa1\x01\xa1\x57\x14\xa1\xdf\x03\x42\x03\x42\x03\x42\x03\x42\x03\x42\xaf\x16\x42\x2b\x73\xc8\x91\xcb\xa4\x33\xc8\x00\x87\x78\x9c\x9a\x3f\x32\x93\xae\x04\xef\x5b\xe2\xdb\xa3\x31\x0e\xef\x35\x43\x77\x78\x4f\x2c\xdb\x65\x56\xbf\xbb\x5b\x38\x11\x99\xee\xb3\xbd\xe9\x3e\x7b\x3f\xdd\x67\xfb\xad\x3e\xcb\x7a\xeb\xf7\x42\x6a\xdd\x8e\x2d\xbf\xd0\xcf\x97\x7c\x3c\x14\xeb\x5b\xcc\x16\x39\x18\x63\xd7\xff\x92\x06\xbe\xe4\xce\x9e\xfa\xdb\xca\x6c\xc5\xee\xdd\x20\x20\xce\xd1\x88\xd8\xf7\x2c\x37\x92\x3e\x8d\x0e\x03\x71\xe7\xd4\xad\x47\x72\xef\xd3\xc6\x25\xd5\x9e\xb6\x12\xbb\xf3\xa8\x44\xd6\x7f\xa6\xde\x10\x52\x63\xda\xce\x78\x7a\xae\xab\xc5\xd3\xb3\xa1\x0e\xa6\xce\x68\x54\x87\xaa\xbe\x50\x88\xb0\x2b\x4e\x84\x0e\x50\xe7\x84\x43\x83\xeb\x0f\xd1\x80\x3a\xe8\x52\x79\x56\x22\xe9\x7c\x29\x82\x15\x6d\x1c\x33\x82\x5c\xc6\x62\xc2\xd0\x4f\x37\x1a\xa1\x31\xf6\x1f\xd1\x88\x78\x63\x64\x8f\x70\x98\x8f\x50\x64\xc9\x2a\xe7\x05\x6c\x2f\xba\x80\x9d\x45\x17\xb0\xbb\xd8\x02\xb6\x0b\x63\xa0\x9c\x65\x65\xde\x2e\x61\x5a\xee\x1e\x8d\x10\xbd\x43\xb1\xef\xfa\x11\xf1\x1d\xe2\x24\x0e\x51\x28\x0a\xf1\xdd\x9d\x6b\x23\xc7\x65\x61\x1c\x14\x4a\xd8\x93\x7d\x74\x98\x5c\xe6\x93\x39\x27\xa0\x20\xa4\x0f\xae\x23\xae\xac\xba\xf3\xc8\x2f\xf7\xd6\x23\x88\x67\x28\xdf\x46\x14\x45\xe1\x23\xa2\x71\x84\x1e\x70\xe8\xd2\x98\x21\x27\xbd\xb6\x2e\x27\x6f\x2a\x66\xb3\xac\x41\xbf\xdb\x97\x07\x7f\xca\xd9\x48\x96\xca\xe7\x29\x71\xd0\xed\x23\xba\xf8\x72\x82\x1c\x4a\x98\xff\x5b\x94\x04\xfc\x21\x1a\xa2\x31\x76\x85\x9e\x86\x30\xca\xdd\x33\x8b\xee\x5c\x8f\xa0\x3b\x1a\x4a\xcf\x0a\x1c\xb8\x42\x0f\x09\xbb\xd7\xfe\xa1\xe7\x15\xd2\xba\x0c\x05\x98\x31\xe2\x20\x9e\x11\x43\x38\x1c\xc6\xa2\xf6\x08\x47\x59\x58\x1a\x0a\x63\x5f\x30\x19\x77\x93\x5e\xe3\x75\xde\x5a\xc3\x3a\x6f\xaf\x61\x9d\x77\xd6\xb0\xce\xbb\x6b\x58\xe7\xbd\x35\xac\xf3\xfb\x35\xac\xf3\xfe\xba\xd4\x59\x00\xb8\xa6\x1f\xde\x6f\xa7\x1a\xb4\x3d\xc2\x3e\x57\xda\x93\xc3\x4d\x05\xe5\x1e\xdf\x21\xe8\xae\x12\xff\xdf\xfd\x36\x4b\xd5\x7e\x2e\x57\xd2\x77\x9a\x78\x30\x7e\xbc\xd7\x7d\x5f\xf9\xf1\x5e\x5a\xb5\x7f\xfd\x0d\x3d\xff\xed\xf9\xff\x05\x00\x00\xff\xff\x87\x32\xfd\x11\x7b\x77\x08\x00") func dataDataJsonBytes() ([]byte, error) { return bindataRead( @@ -92,7 +92,7 @@ func dataDataJson() (*asset, error) { return nil, err } - info := bindataFileInfo{name: "data/data.json", size: 461935, mode: os.FileMode(420), modTime: time.Unix(1557785965, 0)} + info := bindataFileInfo{name: "data/data.json", size: 554875, mode: os.FileMode(420), modTime: time.Unix(1557785965, 0)} a := &asset{bytes: bytes, info: info} return a, nil } diff --git a/data/data.json b/data/data.json index 971e6245..59d01733 100755 --- a/data/data.json +++ b/data/data.json @@ -2916,6 +2916,37 @@ "metricsServer": "rancher/metrics-server:v0.3.3", "windowsPodInfraContainer": "rancher/kubelet-pause:v0.1.3" }, + "v1.15.10-rancher1-2": { + "etcd": "rancher/coreos-etcd:v3.3.10-rancher1", + "alpine": "rancher/rke-tools:v0.1.53", + "nginxProxy": "rancher/rke-tools:v0.1.53", + "certDownloader": "rancher/rke-tools:v0.1.53", + "kubernetesServicesSidecar": "rancher/rke-tools:v0.1.53", + "kubedns": "rancher/k8s-dns-kube-dns:1.15.0", + "dnsmasq": "rancher/k8s-dns-dnsmasq-nanny:1.15.0", + "kubednsSidecar": "rancher/k8s-dns-sidecar:1.15.0", + "kubednsAutoscaler": "rancher/cluster-proportional-autoscaler:1.3.0", + "coredns": "rancher/coredns-coredns:1.3.1", + "corednsAutoscaler": "rancher/cluster-proportional-autoscaler:1.3.0", + "nodelocal": "rancher/k8s-dns-node-cache:1.15.7", + "kubernetes": "rancher/hyperkube:v1.15.10-rancher1", + "flannel": "rancher/coreos-flannel:v0.11.0-rancher1", + "flannelCni": "rancher/flannel-cni:v0.3.0-rancher5", + "calicoNode": "rancher/calico-node:v3.7.4", + "calicoCni": "rancher/calico-cni:v3.7.4", + "calicoControllers": "rancher/calico-kube-controllers:v3.7.4", + "calicoCtl": "rancher/calico-ctl:v2.0.0", + "canalNode": "rancher/calico-node:v3.7.4", + "canalCni": "rancher/calico-cni:v3.7.4", + "canalFlannel": "rancher/coreos-flannel:v0.11.0", + "weaveNode": "weaveworks/weave-kube:2.5.2", + "weaveCni": "weaveworks/weave-npc:2.5.2", + "podInfraContainer": "rancher/pause:3.1", + "ingress": "rancher/nginx-ingress-controller:nginx-0.25.1-rancher1", + "ingressBackend": "rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1", + "metricsServer": "rancher/metrics-server:v0.3.3", + "windowsPodInfraContainer": "rancher/kubelet-pause:v0.1.3" + }, "v1.15.2-rancher1-1": { "etcd": "rancher/coreos-etcd:v3.3.10-rancher1", "alpine": "rancher/rke-tools:v0.1.40", @@ -3462,6 +3493,39 @@ "metricsServer": "rancher/metrics-server:v0.3.4", "windowsPodInfraContainer": "rancher/kubelet-pause:v0.1.3" }, + "v1.16.7-rancher1-2": { + "etcd": "rancher/coreos-etcd:v3.3.15-rancher1", + "alpine": "rancher/rke-tools:v0.1.53", + "nginxProxy": "rancher/rke-tools:v0.1.53", + "certDownloader": "rancher/rke-tools:v0.1.53", + "kubernetesServicesSidecar": "rancher/rke-tools:v0.1.53", + "kubedns": "rancher/k8s-dns-kube-dns:1.15.0", + "dnsmasq": "rancher/k8s-dns-dnsmasq-nanny:1.15.0", + "kubednsSidecar": "rancher/k8s-dns-sidecar:1.15.0", + "kubednsAutoscaler": "rancher/cluster-proportional-autoscaler:1.7.1", + "coredns": "rancher/coredns-coredns:1.6.2", + "corednsAutoscaler": "rancher/cluster-proportional-autoscaler:1.7.1", + "nodelocal": "rancher/k8s-dns-node-cache:1.15.7", + "kubernetes": "rancher/hyperkube:v1.16.7-rancher1", + "flannel": "rancher/coreos-flannel:v0.11.0-rancher1", + "flannelCni": "rancher/flannel-cni:v0.3.0-rancher5", + "calicoNode": "rancher/calico-node:v3.10.2", + "calicoCni": "rancher/calico-cni:v3.10.2", + "calicoControllers": "rancher/calico-kube-controllers:v3.10.2", + "calicoCtl": "rancher/calico-ctl:v2.0.0", + "calicoFlexVol": "rancher/calico-pod2daemon-flexvol:v3.10.2", + "canalNode": "rancher/calico-node:v3.10.2", + "canalCni": "rancher/calico-cni:v3.10.2", + "canalFlannel": "rancher/coreos-flannel:v0.11.0", + "canalFlexVol": "rancher/calico-pod2daemon-flexvol:v3.10.2", + "weaveNode": "weaveworks/weave-kube:2.5.2", + "weaveCni": "weaveworks/weave-npc:2.5.2", + "podInfraContainer": "rancher/pause:3.1", + "ingress": "rancher/nginx-ingress-controller:nginx-0.25.1-rancher1", + "ingressBackend": "rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1", + "metricsServer": "rancher/metrics-server:v0.3.4", + "windowsPodInfraContainer": "rancher/kubelet-pause:v0.1.3" + }, "v1.17.0-rancher1-1": { "etcd": "rancher/coreos-etcd:v3.4.3-rancher1", "alpine": "rancher/rke-tools:v0.1.51", @@ -3619,6 +3683,39 @@ "metricsServer": "rancher/metrics-server:v0.3.6", "windowsPodInfraContainer": "rancher/kubelet-pause:v0.1.3" }, + "v1.17.3-rancher1-2": { + "etcd": "rancher/coreos-etcd:v3.4.3-rancher1", + "alpine": "rancher/rke-tools:v0.1.53", + "nginxProxy": "rancher/rke-tools:v0.1.53", + "certDownloader": "rancher/rke-tools:v0.1.53", + "kubernetesServicesSidecar": "rancher/rke-tools:v0.1.53", + "kubedns": "rancher/k8s-dns-kube-dns:1.15.0", + "dnsmasq": "rancher/k8s-dns-dnsmasq-nanny:1.15.0", + "kubednsSidecar": "rancher/k8s-dns-sidecar:1.15.0", + "kubednsAutoscaler": "rancher/cluster-proportional-autoscaler:1.7.1", + "coredns": "rancher/coredns-coredns:1.6.5", + "corednsAutoscaler": "rancher/cluster-proportional-autoscaler:1.7.1", + "nodelocal": "rancher/k8s-dns-node-cache:1.15.7", + "kubernetes": "rancher/hyperkube:v1.17.3-rancher1", + "flannel": "rancher/coreos-flannel:v0.11.0-rancher1", + "flannelCni": "rancher/flannel-cni:v0.3.0-rancher5", + "calicoNode": "rancher/calico-node:v3.10.2", + "calicoCni": "rancher/calico-cni:v3.10.2", + "calicoControllers": "rancher/calico-kube-controllers:v3.10.2", + "calicoCtl": "rancher/calico-ctl:v2.0.0", + "calicoFlexVol": "rancher/calico-pod2daemon-flexvol:v3.10.2", + "canalNode": "rancher/calico-node:v3.10.2", + "canalCni": "rancher/calico-cni:v3.10.2", + "canalFlannel": "rancher/coreos-flannel:v0.11.0", + "canalFlexVol": "rancher/calico-pod2daemon-flexvol:v3.10.2", + "weaveNode": "weaveworks/weave-kube:2.5.2", + "weaveCni": "weaveworks/weave-npc:2.5.2", + "podInfraContainer": "rancher/pause:3.1", + "ingress": "rancher/nginx-ingress-controller:nginx-0.25.1-rancher1", + "ingressBackend": "rancher/nginx-ingress-controller-defaultbackend:1.5-rancher1", + "metricsServer": "rancher/metrics-server:v0.3.6", + "windowsPodInfraContainer": "rancher/kubelet-pause:v0.1.3" + }, "v1.8.11-rancher2-1": { "etcd": "rancher/coreos-etcd:v3.0.17", "alpine": "rancher/rke-tools:v0.1.8", @@ -3724,16 +3821,24 @@ "K8sVersionedTemplates": { "calico": { "\u003e=1.13.0-rancher0 \u003c1.15.0-rancher0": "calico-v1.13", - "\u003e=1.15.0-rancher0 \u003c1.16.0-alpha": "calico-v1.15", + "\u003e=1.15.0-rancher0 \u003c1.15.10-rancher1-2": "calico-v1.15", + "\u003e=1.15.10-rancher1-2 \u003c1.16.0-alpha": "calico-v1.15-privileged", "\u003e=1.16.0-alpha \u003c1.16.4-rancher1": "calico-v1.16", - "\u003e=1.16.4-rancher1": "calico-v1.17", + "\u003e=1.16.4-rancher1 \u003c1.16.7-rancher1-2": "calico-v1.17", + "\u003e=1.16.7-rancher1-2 \u003c1.17.0-rancher0": "calico-v1.17-privileged", + "\u003e=1.17.0-rancher0 \u003c1.17.3-rancher1-2": "calico-v1.17", + "\u003e=1.17.3-rancher1-2": "calico-v1.17-privileged", "\u003e=1.8.0-rancher0 \u003c1.13.0-rancher0": "calico-v1.8" }, "canal": { "\u003e=1.13.0-rancher0 \u003c1.15.0-rancher0": "canal-v1.13", - "\u003e=1.15.0-rancher0 \u003c1.16.0-alpha": "canal-v1.15", + "\u003e=1.15.0-rancher0 \u003c1.15.10-rancher1-2": "canal-v1.15", + "\u003e=1.15.10-rancher1-2 \u003c1.16.0-alpha": "canal-v1.15-privileged", "\u003e=1.16.0-alpha \u003c1.16.4-rancher1": "canal-v1.16", - "\u003e=1.16.4-rancher1": "canal-v1.17", + "\u003e=1.16.4-rancher1 \u003c1.16.7-rancher1-2": "canal-v1.17", + "\u003e=1.16.7-rancher1-2 \u003c1.17.0-rancher0": "canal-v1.17-privileged", + "\u003e=1.17.0-rancher0 \u003c1.17.3-rancher1-2": "canal-v1.17", + "\u003e=1.17.3-rancher1-2": "canal-v1.17-privileged", "\u003e=1.8.0-rancher0 \u003c1.13.0-rancher0": "canal-v1.8" }, "coreDNS": { @@ -3761,16 +3866,25 @@ "\u003e=1.15.3-rancher2": "nginxingress-v1.15", "\u003e=1.8.0-rancher0 \u003c1.13.10-rancher1-3": "nginxingress-v1.8" }, + "nodelocal": { + "\u003e=1.15.10-rancher1-2 \u003c1.16.0-alpha": "nodelocal-v1.15", + "\u003e=1.16.7-rancher1-2 \u003c1.17.0-alpha": "nodelocal-v1.15", + "\u003e=1.17.3-rancher1-2": "nodelocal-v1.15" + }, "templateKeys": { "calico-v1.13": "\n{{if eq .RBACConfig \"rbac\"}}\n## start rbac here\n\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n## end rbac here\n\n---\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # To enable Typha, set this to \"calico-typha\" *and* set a non-zero value for Typha replicas\n # below. We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is\n # essential.\n typha_service_name: \"none\"\n # Configure the Calico backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.0\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n---\n\n# This manifest installs the calico/node container, as well\n# as the Calico CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: extensions/v1beta1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n serviceAccountName: calico-node\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n initContainers:\n # This container installs the Calico CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n containers:\n # Runs calico/node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Typha support: controlled by the ConfigMap.\n - name: FELIX_TYPHAK8SSERVICENAME\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: typha_service_name\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -bird-ready\n - -felix-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n volumes:\n # Used by calico/node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n\n# Create all the CustomResourceDefinitions needed for\n# Calico policy and networking mode.\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n\n\n{{if ne .CloudProvider \"none\"}}\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: {{.CloudProvider}}-ippool\n namespace: kube-system\ndata:\n {{.CloudProvider}}-ippool: |-\n apiVersion: projectcalico.org/v3\n kind: IPPool\n metadata:\n name: ippool-ipip-1\n spec:\n cidr: {{.ClusterCIDR}}\n ipipMode: Always\n natOutgoing: true\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: calicoctl\n namespace: kube-system\nspec:\n hostNetwork: true\n restartPolicy: OnFailure\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n containers:\n - name: calicoctl\n image: {{.Calicoctl}}\n command: [\"/bin/sh\", \"-c\", \"calicoctl apply -f {{.CloudProvider}}-ippool.yaml\"]\n env:\n - name: DATASTORE_TYPE\n value: kubernetes\n volumeMounts:\n - name: ippool-config\n mountPath: /root/\n volumes:\n - name: ippool-config\n configMap:\n name: {{.CloudProvider}}-ippool\n items:\n - key: {{.CloudProvider}}-ippool\n path: {{.CloudProvider}}-ippool.yaml\n # Mount in the etcd TLS secrets.\n{{end}}\n", "calico-v1.15": "\n{{if eq .RBACConfig \"rbac\"}}\n---\n# Source: calico/templates/rbac.yaml\n# Include a clusterrole for the kube-controllers component,\n# and bind it to the calico-kube-controllers serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-kube-controllers\nrules:\n # Nodes are watched to monitor for deletions.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - watch\n - list\n - get\n # Pods are queried to check for existence.\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n # IPAM resources are manipulated when nodes are deleted.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n verbs:\n - list\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n # Needs access to update clusterinformations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - clusterinformations\n verbs:\n - get\n - create\n - update\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-kube-controllers\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-kube-controllers\nsubjects:\n- kind: ServiceAccount\n name: calico-kube-controllers\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n # These permissions are required for Calico CNI to perform IPAM allocations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ipamconfigs\n verbs:\n - get\n # Block affinities must also be watchable by confd for route aggregation.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n verbs:\n - watch\n # The Calico IPAM migration needs to get daemonsets. These permissions can be\n # removed if not upgrading from an installation using host-local IPAM.\n - apiGroups: [\"apps\"]\n resources:\n - daemonsets\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # Configure the backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.0\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"info\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"calico-ipam\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamblocks.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMBlock\n plural: ipamblocks\n singular: ipamblock\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: blockaffinities.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BlockAffinity\n plural: blockaffinities\n singular: blockaffinity\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamhandles.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMHandle\n plural: ipamhandles\n singular: ipamhandle\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMConfig\n plural: ipamconfigs\n singular: ipamconfig\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the calico-node container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: extensions/v1beta1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n hostNetwork: true\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-node\n{{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n initContainers:\n # This container performs upgrade from host-local IPAM to calico-ipam.\n # It can be deleted if this is a fresh installation, or if you have already\n # upgraded to use calico-ipam.\n - name: upgrade-ipam\n image: {{.CNIImage}}\n command: [\"/opt/cni/bin/calico-ipam\", \"-upgrade\"]\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n volumeMounts:\n - mountPath: /var/lib/cni/networks\n name: host-local-net-dir\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n containers:\n # Runs calico-node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Set Felix logging to \"info\"\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"info\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -bird-ready\n - -felix-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n volumes:\n # Used by calico-node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Mount in the directory for host-local IPAM allocations. This is\n # used when upgrading from host-local to calico-ipam, and can be removed\n # if not using the upgrade-ipam init container.\n - name: host-local-net-dir\n hostPath:\n path: /var/lib/cni/networks\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n---\n# Source: calico/templates/calico-kube-controllers.yaml\n# See https://github.com/projectcalico/kube-controllers\napiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\nspec:\n # The controller can only have a single active instance.\n replicas: 1\n strategy:\n type: Recreate\n template:\n metadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-kube-controllers\n{{end}}\n containers:\n - name: calico-kube-controllers\n image: {{.ControllersImage}}\n env:\n # Choose which controllers to run.\n - name: ENABLED_CONTROLLERS\n value: node\n - name: DATASTORE_TYPE\n value: kubernetes\n readinessProbe:\n exec:\n command:\n - /usr/bin/check-status\n - -r\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n", - "calico-v1.16": "\n{{if eq .RBACConfig \"rbac\"}}\n# Source: calico/templates/rbac.yaml\n\n# Include a clusterrole for the kube-controllers component,\n# and bind it to the calico-kube-controllers serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nrules:\n # Nodes are watched to monitor for deletions.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - watch\n - list\n - get\n # Pods are queried to check for existence.\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n # IPAM resources are manipulated when nodes are deleted.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n verbs:\n - list\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n # Needs access to update clusterinformations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - clusterinformations\n verbs:\n - get\n - create\n - update\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-kube-controllers\nsubjects:\n- kind: ServiceAccount\n name: calico-kube-controllers\n namespace: kube-system\n---\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n # These permissions are required for Calico CNI to perform IPAM allocations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ipamconfigs\n verbs:\n - get\n # Block affinities must also be watchable by confd for route aggregation.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n verbs:\n - watch\n # The Calico IPAM migration needs to get daemonsets. These permissions can be\n # removed if not upgrading from an installation using host-local IPAM.\n - apiGroups: [\"apps\"]\n resources:\n - daemonsets\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # Configure the backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"info\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"calico-ipam\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n---\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamblocks.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMBlock\n plural: ipamblocks\n singular: ipamblock\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: blockaffinities.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BlockAffinity\n plural: blockaffinities\n singular: blockaffinity\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamhandles.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMHandle\n plural: ipamhandles\n singular: ipamhandle\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMConfig\n plural: ipamconfigs\n singular: ipamconfig\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n---\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the calico-node container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n hostNetwork: true\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-node\n {{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n priorityClassName: system-node-critical\n initContainers:\n # This container performs upgrade from host-local IPAM to calico-ipam.\n # It can be deleted if this is a fresh installation, or if you have already\n # upgraded to use calico-ipam.\n - name: upgrade-ipam\n image: {{.CNIImage}}\n command: [\"/opt/cni/bin/calico-ipam\", \"-upgrade\"]\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n volumeMounts:\n - mountPath: /var/lib/cni/networks\n name: host-local-net-dir\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes\n # to communicate with Felix over the Policy Sync API.\n - name: flexvol-driver\n image: {{.FlexVolImg}}\n volumeMounts:\n - name: flexvol-driver-host\n mountPath: /host/driver\n containers:\n # Runs calico-node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Set Felix logging to \"info\"\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"info\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -bird-ready\n - -felix-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n - name: policysync\n mountPath: /var/run/nodeagent\n volumes:\n # Used by calico-node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Mount in the directory for host-local IPAM allocations. This is\n # used when upgrading from host-local to calico-ipam, and can be removed\n # if not using the upgrade-ipam init container.\n - name: host-local-net-dir\n hostPath:\n path: /var/lib/cni/networks\n # Used to create per-pod Unix Domain Sockets\n - name: policysync\n hostPath:\n type: DirectoryOrCreate\n path: /var/run/nodeagent\n # Used to install Flex Volume Driver\n - name: flexvol-driver-host\n hostPath:\n type: DirectoryOrCreate\n path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n---\n# Source: calico/templates/calico-kube-controllers.yaml\n\n# See https://github.com/projectcalico/kube-controllers\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\nspec:\n # The controllers can only have a single active instance.\n replicas: 1\n selector:\n matchLabels:\n k8s-app: calico-kube-controllers\n strategy:\n type: Recreate\n template:\n metadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-kube-controllers\n{{end}}\n priorityClassName: system-cluster-critical\n containers:\n - name: calico-kube-controllers\n image: {{.ControllersImage}}\n env:\n # Choose which controllers to run.\n - name: ENABLED_CONTROLLERS\n value: node\n - name: DATASTORE_TYPE\n value: kubernetes\n readinessProbe:\n exec:\n command:\n - /usr/bin/check-status\n - -r\n", - "calico-v1.17": "\n{{if eq .RBACConfig \"rbac\"}}\n# Source: calico/templates/rbac.yaml\n\n# Include a clusterrole for the kube-controllers component,\n# and bind it to the calico-kube-controllers serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nrules:\n # Nodes are watched to monitor for deletions.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - watch\n - list\n - get\n # Pods are queried to check for existence.\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n # IPAM resources are manipulated when nodes are deleted.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n verbs:\n - list\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n # Needs access to update clusterinformations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - clusterinformations\n verbs:\n - get\n - create\n - update\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-kube-controllers\nsubjects:\n- kind: ServiceAccount\n name: calico-kube-controllers\n namespace: kube-system\n---\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n - blockaffinities\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n # These permissions are required for Calico CNI to perform IPAM allocations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ipamconfigs\n verbs:\n - get\n # Block affinities must also be watchable by confd for route aggregation.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n verbs:\n - watch\n # The Calico IPAM migration needs to get daemonsets. These permissions can be\n # removed if not upgrading from an installation using host-local IPAM.\n - apiGroups: [\"apps\"]\n resources:\n - daemonsets\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # Configure the backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"info\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"calico-ipam\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n---\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamblocks.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMBlock\n plural: ipamblocks\n singular: ipamblock\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: blockaffinities.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BlockAffinity\n plural: blockaffinities\n singular: blockaffinity\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamhandles.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMHandle\n plural: ipamhandles\n singular: ipamhandle\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMConfig\n plural: ipamconfigs\n singular: ipamconfig\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n---\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the calico-node container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n hostNetwork: true\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-node\n {{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n priorityClassName: system-node-critical\n initContainers:\n # This container performs upgrade from host-local IPAM to calico-ipam.\n # It can be deleted if this is a fresh installation, or if you have already\n # upgraded to use calico-ipam.\n - name: upgrade-ipam\n image: {{.CNIImage}}\n command: [\"/opt/cni/bin/calico-ipam\", \"-upgrade\"]\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n volumeMounts:\n - mountPath: /var/lib/cni/networks\n name: host-local-net-dir\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes\n # to communicate with Felix over the Policy Sync API.\n - name: flexvol-driver\n image: {{.FlexVolImg}}\n volumeMounts:\n - name: flexvol-driver-host\n mountPath: /host/driver\n containers:\n # Runs calico-node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Set Felix logging to \"info\"\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"info\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -bird-ready\n - -felix-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n - name: policysync\n mountPath: /var/run/nodeagent\n volumes:\n # Used by calico-node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Mount in the directory for host-local IPAM allocations. This is\n # used when upgrading from host-local to calico-ipam, and can be removed\n # if not using the upgrade-ipam init container.\n - name: host-local-net-dir\n hostPath:\n path: /var/lib/cni/networks\n # Used to create per-pod Unix Domain Sockets\n - name: policysync\n hostPath:\n type: DirectoryOrCreate\n path: /var/run/nodeagent\n # Used to install Flex Volume Driver\n - name: flexvol-driver-host\n hostPath:\n type: DirectoryOrCreate\n path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n---\n# Source: calico/templates/calico-kube-controllers.yaml\n\n# See https://github.com/projectcalico/kube-controllers\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\nspec:\n # The controllers can only have a single active instance.\n replicas: 1\n selector:\n matchLabels:\n k8s-app: calico-kube-controllers\n strategy:\n type: Recreate\n template:\n metadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-kube-controllers\n{{end}}\n priorityClassName: system-cluster-critical\n containers:\n - name: calico-kube-controllers\n image: {{.ControllersImage}}\n env:\n # Choose which controllers to run.\n - name: ENABLED_CONTROLLERS\n value: node\n - name: DATASTORE_TYPE\n value: kubernetes\n readinessProbe:\n exec:\n command:\n - /usr/bin/check-status\n - -r\n", + "calico-v1.15-privileged": "\n{{if eq .RBACConfig \"rbac\"}}\n---\n# Source: calico/templates/rbac.yaml\n# Include a clusterrole for the kube-controllers component,\n# and bind it to the calico-kube-controllers serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-kube-controllers\nrules:\n # Nodes are watched to monitor for deletions.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - watch\n - list\n - get\n # Pods are queried to check for existence.\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n # IPAM resources are manipulated when nodes are deleted.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n verbs:\n - list\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n # Needs access to update clusterinformations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - clusterinformations\n verbs:\n - get\n - create\n - update\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-kube-controllers\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-kube-controllers\nsubjects:\n- kind: ServiceAccount\n name: calico-kube-controllers\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n # These permissions are required for Calico CNI to perform IPAM allocations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ipamconfigs\n verbs:\n - get\n # Block affinities must also be watchable by confd for route aggregation.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n verbs:\n - watch\n # The Calico IPAM migration needs to get daemonsets. These permissions can be\n # removed if not upgrading from an installation using host-local IPAM.\n - apiGroups: [\"apps\"]\n resources:\n - daemonsets\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # Configure the backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.0\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"info\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"calico-ipam\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamblocks.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMBlock\n plural: ipamblocks\n singular: ipamblock\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: blockaffinities.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BlockAffinity\n plural: blockaffinities\n singular: blockaffinity\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamhandles.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMHandle\n plural: ipamhandles\n singular: ipamhandle\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMConfig\n plural: ipamconfigs\n singular: ipamconfig\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the calico-node container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: extensions/v1beta1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n hostNetwork: true\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-node\n{{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n initContainers:\n # This container performs upgrade from host-local IPAM to calico-ipam.\n # It can be deleted if this is a fresh installation, or if you have already\n # upgraded to use calico-ipam.\n - name: upgrade-ipam\n image: {{.CNIImage}}\n command: [\"/opt/cni/bin/calico-ipam\", \"-upgrade\"]\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n volumeMounts:\n - mountPath: /var/lib/cni/networks\n name: host-local-net-dir\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n securityContext:\n privileged: true\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n securityContext:\n privileged: true\n containers:\n # Runs calico-node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Set Felix logging to \"info\"\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"info\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -bird-ready\n - -felix-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n volumes:\n # Used by calico-node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Mount in the directory for host-local IPAM allocations. This is\n # used when upgrading from host-local to calico-ipam, and can be removed\n # if not using the upgrade-ipam init container.\n - name: host-local-net-dir\n hostPath:\n path: /var/lib/cni/networks\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n---\n# Source: calico/templates/calico-kube-controllers.yaml\n# See https://github.com/projectcalico/kube-controllers\napiVersion: extensions/v1beta1\nkind: Deployment\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\nspec:\n # The controller can only have a single active instance.\n replicas: 1\n strategy:\n type: Recreate\n template:\n metadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-kube-controllers\n{{end}}\n containers:\n - name: calico-kube-controllers\n image: {{.ControllersImage}}\n env:\n # Choose which controllers to run.\n - name: ENABLED_CONTROLLERS\n value: node\n - name: DATASTORE_TYPE\n value: kubernetes\n readinessProbe:\n exec:\n command:\n - /usr/bin/check-status\n - -r\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n", + "calico-v1.16": "\n{{if eq .RBACConfig \"rbac\"}}\n# Source: calico/templates/rbac.yaml\n\n# Include a clusterrole for the kube-controllers component,\n# and bind it to the calico-kube-controllers serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nrules:\n # Nodes are watched to monitor for deletions.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - watch\n - list\n - get\n # Pods are queried to check for existence.\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n # IPAM resources are manipulated when nodes are deleted.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n verbs:\n - list\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n # Needs access to update clusterinformations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - clusterinformations\n verbs:\n - get\n - create\n - update\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-kube-controllers\nsubjects:\n- kind: ServiceAccount\n name: calico-kube-controllers\n namespace: kube-system\n---\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n # These permissions are required for Calico CNI to perform IPAM allocations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ipamconfigs\n verbs:\n - get\n # Block affinities must also be watchable by confd for route aggregation.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n verbs:\n - watch\n # The Calico IPAM migration needs to get daemonsets. These permissions can be\n # removed if not upgrading from an installation using host-local IPAM.\n - apiGroups: [\"apps\"]\n resources:\n - daemonsets\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # Configure the backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"info\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"calico-ipam\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n---\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamblocks.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMBlock\n plural: ipamblocks\n singular: ipamblock\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: blockaffinities.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BlockAffinity\n plural: blockaffinities\n singular: blockaffinity\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamhandles.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMHandle\n plural: ipamhandles\n singular: ipamhandle\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMConfig\n plural: ipamconfigs\n singular: ipamconfig\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n---\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the calico-node container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n hostNetwork: true\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-node\n {{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n priorityClassName: system-node-critical\n initContainers:\n # This container performs upgrade from host-local IPAM to calico-ipam.\n # It can be deleted if this is a fresh installation, or if you have already\n # upgraded to use calico-ipam.\n - name: upgrade-ipam\n image: {{.CNIImage}}\n command: [\"/opt/cni/bin/calico-ipam\", \"-upgrade\"]\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n volumeMounts:\n - mountPath: /var/lib/cni/networks\n name: host-local-net-dir\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes\n # to communicate with Felix over the Policy Sync API.\n - name: flexvol-driver\n image: {{.FlexVolImg}}\n volumeMounts:\n - name: flexvol-driver-host\n mountPath: /host/driver\n containers:\n # Runs calico-node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Set Felix logging to \"info\"\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"info\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -bird-ready\n - -felix-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n - name: policysync\n mountPath: /var/run/nodeagent\n volumes:\n # Used by calico-node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Mount in the directory for host-local IPAM allocations. This is\n # used when upgrading from host-local to calico-ipam, and can be removed\n # if not using the upgrade-ipam init container.\n - name: host-local-net-dir\n hostPath:\n path: /var/lib/cni/networks\n # Used to create per-pod Unix Domain Sockets\n - name: policysync\n hostPath:\n type: DirectoryOrCreate\n path: /var/run/nodeagent\n # Used to install Flex Volume Driver\n - name: flexvol-driver-host\n hostPath:\n type: DirectoryOrCreate\n{{- if .FlexVolPluginDir }}\n path: {{.FlexVolPluginDir}}\n{{- else }}\n path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds\n{{- end }}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n---\n# Source: calico/templates/calico-kube-controllers.yaml\n\n# See https://github.com/projectcalico/kube-controllers\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\nspec:\n # The controllers can only have a single active instance.\n replicas: 1\n selector:\n matchLabels:\n k8s-app: calico-kube-controllers\n strategy:\n type: Recreate\n template:\n metadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-kube-controllers\n{{end}}\n priorityClassName: system-cluster-critical\n containers:\n - name: calico-kube-controllers\n image: {{.ControllersImage}}\n env:\n # Choose which controllers to run.\n - name: ENABLED_CONTROLLERS\n value: node\n - name: DATASTORE_TYPE\n value: kubernetes\n readinessProbe:\n exec:\n command:\n - /usr/bin/check-status\n - -r\n", + "calico-v1.17": "\n{{if eq .RBACConfig \"rbac\"}}\n# Source: calico/templates/rbac.yaml\n\n# Include a clusterrole for the kube-controllers component,\n# and bind it to the calico-kube-controllers serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nrules:\n # Nodes are watched to monitor for deletions.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - watch\n - list\n - get\n # Pods are queried to check for existence.\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n # IPAM resources are manipulated when nodes are deleted.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n verbs:\n - list\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n # Needs access to update clusterinformations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - clusterinformations\n verbs:\n - get\n - create\n - update\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-kube-controllers\nsubjects:\n- kind: ServiceAccount\n name: calico-kube-controllers\n namespace: kube-system\n---\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n - blockaffinities\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n # These permissions are required for Calico CNI to perform IPAM allocations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ipamconfigs\n verbs:\n - get\n # Block affinities must also be watchable by confd for route aggregation.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n verbs:\n - watch\n # The Calico IPAM migration needs to get daemonsets. These permissions can be\n # removed if not upgrading from an installation using host-local IPAM.\n - apiGroups: [\"apps\"]\n resources:\n - daemonsets\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # Configure the backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"info\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"calico-ipam\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n---\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamblocks.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMBlock\n plural: ipamblocks\n singular: ipamblock\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: blockaffinities.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BlockAffinity\n plural: blockaffinities\n singular: blockaffinity\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamhandles.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMHandle\n plural: ipamhandles\n singular: ipamhandle\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMConfig\n plural: ipamconfigs\n singular: ipamconfig\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n---\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the calico-node container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n hostNetwork: true\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-node\n {{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n priorityClassName: system-node-critical\n initContainers:\n # This container performs upgrade from host-local IPAM to calico-ipam.\n # It can be deleted if this is a fresh installation, or if you have already\n # upgraded to use calico-ipam.\n - name: upgrade-ipam\n image: {{.CNIImage}}\n command: [\"/opt/cni/bin/calico-ipam\", \"-upgrade\"]\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n volumeMounts:\n - mountPath: /var/lib/cni/networks\n name: host-local-net-dir\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes\n # to communicate with Felix over the Policy Sync API.\n - name: flexvol-driver\n image: {{.FlexVolImg}}\n volumeMounts:\n - name: flexvol-driver-host\n mountPath: /host/driver\n containers:\n # Runs calico-node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Set Felix logging to \"info\"\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"info\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -bird-ready\n - -felix-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n - name: policysync\n mountPath: /var/run/nodeagent\n volumes:\n # Used by calico-node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Mount in the directory for host-local IPAM allocations. This is\n # used when upgrading from host-local to calico-ipam, and can be removed\n # if not using the upgrade-ipam init container.\n - name: host-local-net-dir\n hostPath:\n path: /var/lib/cni/networks\n # Used to create per-pod Unix Domain Sockets\n - name: policysync\n hostPath:\n type: DirectoryOrCreate\n path: /var/run/nodeagent\n # Used to install Flex Volume Driver\n - name: flexvol-driver-host\n hostPath:\n type: DirectoryOrCreate\n{{- if .FlexVolPluginDir }}\n path: {{.FlexVolPluginDir}}\n{{- else }}\n path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds\n{{- end }}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n---\n# Source: calico/templates/calico-kube-controllers.yaml\n\n# See https://github.com/projectcalico/kube-controllers\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\nspec:\n # The controllers can only have a single active instance.\n replicas: 1\n selector:\n matchLabels:\n k8s-app: calico-kube-controllers\n strategy:\n type: Recreate\n template:\n metadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-kube-controllers\n{{end}}\n priorityClassName: system-cluster-critical\n containers:\n - name: calico-kube-controllers\n image: {{.ControllersImage}}\n env:\n # Choose which controllers to run.\n - name: ENABLED_CONTROLLERS\n value: node\n - name: DATASTORE_TYPE\n value: kubernetes\n readinessProbe:\n exec:\n command:\n - /usr/bin/check-status\n - -r\n", + "calico-v1.17-privileged": "\n{{if eq .RBACConfig \"rbac\"}}\n# Source: calico/templates/rbac.yaml\n\n# Include a clusterrole for the kube-controllers component,\n# and bind it to the calico-kube-controllers serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nrules:\n # Nodes are watched to monitor for deletions.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - watch\n - list\n - get\n # Pods are queried to check for existence.\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n # IPAM resources are manipulated when nodes are deleted.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n verbs:\n - list\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n # Needs access to update clusterinformations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - clusterinformations\n verbs:\n - get\n - create\n - update\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-kube-controllers\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-kube-controllers\nsubjects:\n- kind: ServiceAccount\n name: calico-kube-controllers\n namespace: kube-system\n---\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n - blockaffinities\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n # These permissions are required for Calico CNI to perform IPAM allocations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n - ipamblocks\n - ipamhandles\n verbs:\n - get\n - list\n - create\n - update\n - delete\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ipamconfigs\n verbs:\n - get\n # Block affinities must also be watchable by confd for route aggregation.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - blockaffinities\n verbs:\n - watch\n # The Calico IPAM migration needs to get daemonsets. These permissions can be\n # removed if not upgrading from an installation using host-local IPAM.\n - apiGroups: [\"apps\"]\n resources:\n - daemonsets\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Calico installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # Configure the backend to use.\n calico_backend: \"bird\"\n\n # Configure the MTU to use\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n veth_mtu: \"{{.MTU}}\"\n{{- end}}\n{{- else }}\n veth_mtu: \"1440\"\n{{- end}}\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"info\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": __CNI_MTU__,\n \"ipam\": {\n \"type\": \"calico-ipam\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n---\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamblocks.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMBlock\n plural: ipamblocks\n singular: ipamblock\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: blockaffinities.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BlockAffinity\n plural: blockaffinities\n singular: blockaffinity\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamhandles.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMHandle\n plural: ipamhandles\n singular: ipamhandle\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ipamconfigs.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPAMConfig\n plural: ipamconfigs\n singular: ipamconfig\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n---\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the calico-node container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n hostNetwork: true\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-node\n {{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n priorityClassName: system-node-critical\n initContainers:\n # This container performs upgrade from host-local IPAM to calico-ipam.\n # It can be deleted if this is a fresh installation, or if you have already\n # upgraded to use calico-ipam.\n - name: upgrade-ipam\n image: {{.CNIImage}}\n command: [\"/opt/cni/bin/calico-ipam\", \"-upgrade\"]\n env:\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n volumeMounts:\n - mountPath: /var/lib/cni/networks\n name: host-local-net-dir\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n securityContext:\n privileged: true\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # CNI MTU Config variable\n - name: CNI_MTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n securityContext:\n privileged: true\n # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes\n # to communicate with Felix over the Policy Sync API.\n - name: flexvol-driver\n image: {{.FlexVolImg}}\n volumeMounts:\n - name: flexvol-driver-host\n mountPath: /host/driver\n securityContext:\n privileged: true\n containers:\n # Runs calico-node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Choose the backend to use.\n - name: CALICO_NETWORKING_BACKEND\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: calico_backend\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: veth_mtu\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Set Felix logging to \"info\"\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"info\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n exec:\n command:\n - /bin/calico-node\n - -bird-ready\n - -felix-ready\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n - name: policysync\n mountPath: /var/run/nodeagent\n volumes:\n # Used by calico-node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Mount in the directory for host-local IPAM allocations. This is\n # used when upgrading from host-local to calico-ipam, and can be removed\n # if not using the upgrade-ipam init container.\n - name: host-local-net-dir\n hostPath:\n path: /var/lib/cni/networks\n # Used to create per-pod Unix Domain Sockets\n - name: policysync\n hostPath:\n type: DirectoryOrCreate\n path: /var/run/nodeagent\n # Used to install Flex Volume Driver\n - name: flexvol-driver-host\n hostPath:\n type: DirectoryOrCreate\n{{- if .FlexVolPluginDir }}\n path: {{.FlexVolPluginDir}}\n{{- else }}\n path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds\n{{- end }}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n---\n# Source: calico/templates/calico-kube-controllers.yaml\n\n# See https://github.com/projectcalico/kube-controllers\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\nspec:\n # The controllers can only have a single active instance.\n replicas: 1\n selector:\n matchLabels:\n k8s-app: calico-kube-controllers\n strategy:\n type: Recreate\n template:\n metadata:\n name: calico-kube-controllers\n namespace: kube-system\n labels:\n k8s-app: calico-kube-controllers\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n nodeSelector:\n beta.kubernetes.io/os: linux\n tolerations:\n # Make sure calico-node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n{{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: calico-kube-controllers\n{{end}}\n priorityClassName: system-cluster-critical\n containers:\n - name: calico-kube-controllers\n image: {{.ControllersImage}}\n env:\n # Choose which controllers to run.\n - name: ENABLED_CONTROLLERS\n value: node\n - name: DATASTORE_TYPE\n value: kubernetes\n readinessProbe:\n exec:\n command:\n - /usr/bin/check-status\n - -r\n", "calico-v1.8": "\n{{if eq .RBACConfig \"rbac\"}}\n## start rbac here\n\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico-node\nrules:\n - apiGroups: [\"\"]\n resources:\n - namespaces\n verbs:\n - get\n - list\n - watch\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - update\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n - list\n - watch\n - patch\n - apiGroups: [\"\"]\n resources:\n - services\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - update\n - watch\n - apiGroups: [\"extensions\"]\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - clusterinformations\n - hostendpoints\n verbs:\n - create\n - get\n - list\n - update\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n## end rbac here\n\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: calico-config\n namespace: kube-system\ndata:\n # To enable Typha, set this to \"calico-typha\" *and* set a non-zero value for Typha replicas\n # below. We recommend using Typha if you have more than 50 nodes. Above 100 nodes it is\n # essential.\n typha_service_name: \"none\"\n # The CNI network configuration to install on each node.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.0\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"mtu\": 1500,\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\",\n \"k8s_auth_token\": \"__SERVICEACCOUNT_TOKEN__\"\n },\n \"kubernetes\": {\n \"k8s_api_root\": \"https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__\",\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n\n---\n\n# This manifest installs the calico/node container, as well\n# as the Calico CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: extensions/v1beta1\nmetadata:\n name: calico-node\n namespace: kube-system\n labels:\n k8s-app: calico-node\nspec:\n selector:\n matchLabels:\n k8s-app: calico-node\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: calico-node\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n tolerations:\n # Make sure calico/node gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n - key: \"node-role.kubernetes.io/controlplane\"\n operator: \"Exists\"\n effect: \"NoSchedule\"\n - key: \"node-role.kubernetes.io/etcd\"\n operator: \"Exists\"\n effect: \"NoExecute\"\n serviceAccountName: calico-node\n terminationGracePeriodSeconds: 0\n containers:\n # Runs calico/node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,bgp\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPV6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Set MTU for tunnel device used if ipip is enabled\n - name: FELIX_IPINIPMTU\n value: \"1440\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"{{.ClusterCIDR}}\"\n # Enable IPIP\n - name: CALICO_IPV4POOL_IPIP\n value: \"Always\"\n # Enable IP-in-IP within Felix.\n - name: FELIX_IPINIPENABLED\n value: \"true\"\n # Typha support: controlled by the ConfigMap.\n - name: FELIX_TYPHAK8SSERVICENAME\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: typha_service_name\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Auto-detect the BGP IP address.\n - name: IP\n value: \"autodetect\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n httpGet:\n path: /readiness\n port: 9099\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n # This container installs the Calico CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: calico-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n volumes:\n # Used by calico/node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n\n# Create all the CustomResourceDefinitions needed for\n# Calico policy and networking mode.\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n\n---\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgppeers.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPPeer\n plural: bgppeers\n singular: bgppeer\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: calico-node\n namespace: kube-system\n\n\n{{if ne .CloudProvider \"none\"}}\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: {{.CloudProvider}}-ippool\n namespace: kube-system\ndata:\n {{.CloudProvider}}-ippool: |-\n apiVersion: projectcalico.org/v3\n kind: IPPool\n metadata:\n name: ippool-ipip-1\n spec:\n cidr: {{.ClusterCIDR}}\n ipipMode: Always\n natOutgoing: true\n---\napiVersion: v1\nkind: Pod\nmetadata:\n name: calicoctl\n namespace: kube-system\nspec:\n hostNetwork: true\n restartPolicy: OnFailure\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n containers:\n - name: calicoctl\n image: {{.Calicoctl}}\n command: [\"/bin/sh\", \"-c\", \"calicoctl apply -f {{.CloudProvider}}-ippool.yaml\"]\n env:\n - name: DATASTORE_TYPE\n value: kubernetes\n volumeMounts:\n - name: ippool-config\n mountPath: /root/\n volumes:\n - name: ippool-config\n configMap:\n name: {{.CloudProvider}}-ippool\n items:\n - key: {{.CloudProvider}}-ippool\n path: {{.CloudProvider}}-ippool.yaml\n # Mount in the etcd TLS secrets.\n{{end}}\n", "canal-v1.13": "\n{{if eq .RBACConfig \"rbac\"}}\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\n# Flannel ClusterRole\n# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: flannel\nrules:\n - apiGroups:\n - \"\"\n resources:\n - pods\n verbs:\n - get\n - apiGroups:\n - \"\"\n resources:\n - nodes\n verbs:\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - nodes/status\n verbs:\n - patch\n---\n# Bind the flannel ClusterRole to the canal ServiceAccount.\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: canal-flannel\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: flannel\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n---\n# Bind the Calico ClusterRole to the canal ServiceAccount.\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: canal-calico\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n\n# Canal Version v3.1.1\n# https://docs.projectcalico.org/v3.1/releases#v3.1.1\n# This manifest includes the following component versions:\n# calico/node:v3.1.1\n# calico/cni:v3.1.1\n# coreos/flannel:v0.9.1\n\n---\n# This ConfigMap is used to configure a self-hosted Canal installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: canal-config\n namespace: kube-system\ndata:\n # The interface used by canal for host \u003c-\u003e host communication.\n # If left blank, then the interface is chosen using the node's\n # default route.\n canal_iface: \"{{.CanalInterface}}\"\n\n # Whether or not to masquerade traffic to destinations not within\n # the pod network.\n masquerade: \"true\"\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.0\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n \"mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n\n # Flannel network configuration. Mounted into the flannel container.\n net-conf.json: |\n {\n \"Network\": \"{{.ClusterCIDR}}\",\n \"Backend\": {\n \"Type\": \"{{.FlannelBackend.Type}}\"\n }\n }\n---\n\n# This manifest installs the calico/node container, as well\n# as the Calico CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: extensions/v1beta1\nmetadata:\n name: canal\n namespace: kube-system\n labels:\n k8s-app: canal\nspec:\n selector:\n matchLabels:\n k8s-app: canal\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: canal\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n tolerations:\n # Make sure canal gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n serviceAccountName: canal\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n initContainers:\n # This container installs the Calico CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-canal.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n containers:\n # Runs calico/node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Don't enable BGP.\n - name: CALICO_NETWORKING_BACKEND\n value: \"none\"\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,canal\"\n # Period, in seconds, at which felix re-applies all iptables state\n - name: FELIX_IPTABLESREFRESHINTERVAL\n value: \"60\"\n # No IP address needed.\n - name: IP\n value: \"\"\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"192.168.0.0/16\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n httpGet:\n path: /readiness\n port: 9099\n host: localhost\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n # This container runs flannel using the kube-subnet-mgr backend\n # for allocating subnets.\n - name: kube-flannel\n image: {{.CanalFlannelImg}}\n command: [ \"/opt/bin/flanneld\", \"--ip-masq\", \"--kube-subnet-mgr\" ]\n securityContext:\n privileged: true\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: FLANNELD_IFACE\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: canal_iface\n - name: FLANNELD_IP_MASQ\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: masquerade\n volumeMounts:\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - name: flannel-cfg\n mountPath: /etc/kube-flannel/\n volumes:\n # Used by calico/node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used by flannel.\n - name: flannel-cfg\n configMap:\n name: canal-config\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: canal\n namespace: kube-system\n\n---\n\n# Create all the CustomResourceDefinitions needed for\n# Calico policy and networking mode.\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n", "canal-v1.15": "\n{{if eq .RBACConfig \"rbac\"}}\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\n# Flannel ClusterRole\n# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: flannel\nrules:\n - apiGroups:\n - \"\"\n resources:\n - pods\n verbs:\n - get\n - apiGroups:\n - \"\"\n resources:\n - nodes\n verbs:\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - nodes/status\n verbs:\n - patch\n---\n# Bind the flannel ClusterRole to the canal ServiceAccount.\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: canal-flannel\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: flannel\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n---\n# Bind the Calico ClusterRole to the canal ServiceAccount.\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: canal-calico\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n\n# Canal Version v3.1.1\n# https://docs.projectcalico.org/v3.1/releases#v3.1.1\n# This manifest includes the following component versions:\n# calico/node:v3.1.1\n# calico/cni:v3.1.1\n# coreos/flannel:v0.9.1\n\n---\n# This ConfigMap is used to configure a self-hosted Canal installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: canal-config\n namespace: kube-system\ndata:\n # The interface used by canal for host \u003c-\u003e host communication.\n # If left blank, then the interface is chosen using the node's\n # default route.\n canal_iface: \"{{.CanalInterface}}\"\n\n # Whether or not to masquerade traffic to destinations not within\n # the pod network.\n masquerade: \"true\"\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.0\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n \"mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n\n # Flannel network configuration. Mounted into the flannel container.\n net-conf.json: |\n {\n \"Network\": \"{{.ClusterCIDR}}\",\n \"Backend\": {\n \"Type\": \"{{.FlannelBackend.Type}}\"\n }\n }\n---\n\n# This manifest installs the calico/node container, as well\n# as the Calico CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: extensions/v1beta1\nmetadata:\n name: canal\n namespace: kube-system\n labels:\n k8s-app: canal\nspec:\n selector:\n matchLabels:\n k8s-app: canal\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: canal\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n tolerations:\n # Make sure canal gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: canal\n {{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n initContainers:\n # This container installs the Calico CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-canal.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n containers:\n # Runs calico/node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Configure route aggregation based on pod CIDR.\n - name: USE_POD_CIDR\n value: \"true\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Don't enable BGP.\n - name: CALICO_NETWORKING_BACKEND\n value: \"none\"\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,canal\"\n # Period, in seconds, at which felix re-applies all iptables state\n - name: FELIX_IPTABLESREFRESHINTERVAL\n value: \"60\"\n # No IP address needed.\n - name: IP\n value: \"\"\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"192.168.0.0/16\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n httpGet:\n path: /readiness\n port: 9099\n host: localhost\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n # This container runs flannel using the kube-subnet-mgr backend\n # for allocating subnets.\n - name: kube-flannel\n image: {{.CanalFlannelImg}}\n command: [ \"/opt/bin/flanneld\", \"--ip-masq\", \"--kube-subnet-mgr\" ]\n securityContext:\n privileged: true\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: FLANNELD_IFACE\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: canal_iface\n - name: FLANNELD_IP_MASQ\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: masquerade\n volumeMounts:\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - name: flannel-cfg\n mountPath: /etc/kube-flannel/\n volumes:\n # Used by calico/node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used by flannel.\n - name: flannel-cfg\n configMap:\n name: canal-config\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: canal\n namespace: kube-system\n\n---\n\n# Create all the CustomResourceDefinitions needed for\n# Calico policy and networking mode.\n\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n", - "canal-v1.16": "\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Canal installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: canal-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # The interface used by canal for host \u003c-\u003e host communication.\n # If left blank, then the interface is chosen using the node's\n # default route.\n canal_iface: \"{{.CanalInterface}}\"\n # Whether or not to masquerade traffic to destinations not within\n # the pod network.\n masquerade: \"true\"\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n \"mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\",\n \"k8s_auth_token\": \"__SERVICEACCOUNT_TOKEN__\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n\n # Flannel network configuration. Mounted into the flannel container.\n net-conf.json: |\n {\n \"Network\": \"{{.ClusterCIDR}}\",\n \"Backend\": {\n \"Type\": \"{{.FlannelBackend.Type}}\"\n }\n }\n\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n{{if eq .RBACConfig \"rbac\"}}\n---\n# Source: calico/templates/rbac.yaml\n\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n---\n# Flannel ClusterRole\n# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: flannel\nrules:\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - list\n - watch\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n - patch\n---\n# Bind the flannel ClusterRole to the canal ServiceAccount.\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: flannel\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: flannel\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the canal container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: canal\n namespace: kube-system\n labels:\n k8s-app: canal\nspec:\n selector:\n matchLabels:\n k8s-app: canal\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: canal\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n tolerations:\n # Tolerate this effect so the pods will be schedulable at all times\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n - key: \"node-role.kubernetes.io/controlplane\"\n operator: \"Exists\"\n effect: \"NoSchedule\"\n - key: \"node-role.kubernetes.io/etcd\"\n operator: \"Exists\"\n effect: \"NoExecute\"\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: canal\n {{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n priorityClassName: system-node-critical\n initContainers:\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-canal.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes\n # to communicate with Felix over the Policy Sync API.\n - name: flexvol-driver\n image: {{.FlexVolImg}}\n volumeMounts:\n - name: flexvol-driver-host\n mountPath: /host/driver\n containers:\n # Runs canal container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Configure route aggregation based on pod CIDR.\n - name: USE_POD_CIDR\n value: \"true\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Don't enable BGP.\n - name: CALICO_NETWORKING_BACKEND\n value: \"none\"\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,canal\"\n # Period, in seconds, at which felix re-applies all iptables state\n - name: FELIX_IPTABLESREFRESHINTERVAL\n value: \"60\"\n # No IP address needed.\n - name: IP\n value: \"\"\n - name: CALICO_IPV4POOL_CIDR\n value: \"192.168.0.0/16\"\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n httpGet:\n path: /readiness\n port: 9099\n host: localhost\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n - name: policysync\n mountPath: /var/run/nodeagent\n # This container runs flannel using the kube-subnet-mgr backend\n # for allocating subnets.\n - name: kube-flannel\n image: {{.CanalFlannelImg}}\n command: [ \"/opt/bin/flanneld\", \"--ip-masq\", \"--kube-subnet-mgr\" ]\n securityContext:\n privileged: true\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: FLANNELD_IFACE\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: canal_iface\n - name: FLANNELD_IP_MASQ\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: masquerade\n volumeMounts:\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - name: flannel-cfg\n mountPath: /etc/kube-flannel/\n volumes:\n # Used by canal.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used by flannel.\n - name: flannel-cfg\n configMap:\n name: canal-config\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Used to create per-pod Unix Domain Sockets\n - name: policysync\n hostPath:\n type: DirectoryOrCreate\n path: /var/run/nodeagent\n # Used to install Flex Volume Driver\n - name: flexvol-driver-host\n hostPath:\n type: DirectoryOrCreate\n path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds\n---\n\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: canal\n namespace: kube-system\n", - "canal-v1.17": "\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Canal installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: canal-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # The interface used by canal for host \u003c-\u003e host communication.\n # If left blank, then the interface is chosen using the node's\n # default route.\n canal_iface: \"{{.CanalInterface}}\"\n # Whether or not to masquerade traffic to destinations not within\n # the pod network.\n masquerade: \"true\"\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n \"mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\",\n \"k8s_auth_token\": \"__SERVICEACCOUNT_TOKEN__\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n\n # Flannel network configuration. Mounted into the flannel container.\n net-conf.json: |\n {\n \"Network\": \"{{.ClusterCIDR}}\",\n \"Backend\": {\n \"Type\": \"{{.FlannelBackend.Type}}\"\n }\n }\n\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n{{if eq .RBACConfig \"rbac\"}}\n---\n# Source: calico/templates/rbac.yaml\n\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n - blockaffinities\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n---\n# Flannel ClusterRole\n# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: flannel\nrules:\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - list\n - watch\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n - patch\n---\n# Bind the flannel ClusterRole to the canal ServiceAccount.\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: flannel\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: flannel\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the canal container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: canal\n namespace: kube-system\n labels:\n k8s-app: canal\nspec:\n selector:\n matchLabels:\n k8s-app: canal\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: canal\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n tolerations:\n # Tolerate this effect so the pods will be schedulable at all times\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n - key: \"node-role.kubernetes.io/controlplane\"\n operator: \"Exists\"\n effect: \"NoSchedule\"\n - key: \"node-role.kubernetes.io/etcd\"\n operator: \"Exists\"\n effect: \"NoExecute\"\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: canal\n {{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n priorityClassName: system-node-critical\n initContainers:\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-canal.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes\n # to communicate with Felix over the Policy Sync API.\n - name: flexvol-driver\n image: {{.FlexVolImg}}\n volumeMounts:\n - name: flexvol-driver-host\n mountPath: /host/driver\n containers:\n # Runs canal container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Configure route aggregation based on pod CIDR.\n - name: USE_POD_CIDR\n value: \"true\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Don't enable BGP.\n - name: CALICO_NETWORKING_BACKEND\n value: \"none\"\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,canal\"\n # Period, in seconds, at which felix re-applies all iptables state\n - name: FELIX_IPTABLESREFRESHINTERVAL\n value: \"60\"\n # No IP address needed.\n - name: IP\n value: \"\"\n - name: CALICO_IPV4POOL_CIDR\n value: \"192.168.0.0/16\"\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n httpGet:\n path: /readiness\n port: 9099\n host: localhost\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n - name: policysync\n mountPath: /var/run/nodeagent\n # This container runs flannel using the kube-subnet-mgr backend\n # for allocating subnets.\n - name: kube-flannel\n image: {{.CanalFlannelImg}}\n command: [ \"/opt/bin/flanneld\", \"--ip-masq\", \"--kube-subnet-mgr\" ]\n securityContext:\n privileged: true\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: FLANNELD_IFACE\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: canal_iface\n - name: FLANNELD_IP_MASQ\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: masquerade\n volumeMounts:\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - name: flannel-cfg\n mountPath: /etc/kube-flannel/\n volumes:\n # Used by canal.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used by flannel.\n - name: flannel-cfg\n configMap:\n name: canal-config\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Used to create per-pod Unix Domain Sockets\n - name: policysync\n hostPath:\n type: DirectoryOrCreate\n path: /var/run/nodeagent\n # Used to install Flex Volume Driver\n - name: flexvol-driver-host\n hostPath:\n type: DirectoryOrCreate\n path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds\n---\n\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: canal\n namespace: kube-system\n", + "canal-v1.15-privileged": "\n{{if eq .RBACConfig \"rbac\"}}\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: calico-node\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\n# Flannel ClusterRole\n# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: flannel\nrules:\n - apiGroups:\n - \"\"\n resources:\n - pods\n verbs:\n - get\n - apiGroups:\n - \"\"\n resources:\n - nodes\n verbs:\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - nodes/status\n verbs:\n - patch\n---\n# Bind the flannel ClusterRole to the canal ServiceAccount.\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: canal-flannel\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: flannel\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n---\n# Bind the Calico ClusterRole to the canal ServiceAccount.\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: canal-calico\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n\n# Canal Version v3.1.1\n# https://docs.projectcalico.org/v3.1/releases#v3.1.1\n# This manifest includes the following component versions:\n# calico/node:v3.1.1\n# calico/cni:v3.1.1\n# coreos/flannel:v0.9.1\n\n---\n# This ConfigMap is used to configure a self-hosted Canal installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: canal-config\n namespace: kube-system\ndata:\n # The interface used by canal for host \u003c-\u003e host communication.\n # If left blank, then the interface is chosen using the node's\n # default route.\n canal_iface: \"{{.CanalInterface}}\"\n\n # Whether or not to masquerade traffic to destinations not within\n # the pod network.\n masquerade: \"true\"\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.0\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n \"mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n\n # Flannel network configuration. Mounted into the flannel container.\n net-conf.json: |\n {\n \"Network\": \"{{.ClusterCIDR}}\",\n \"Backend\": {\n \"Type\": \"{{.FlannelBackend.Type}}\"\n }\n }\n---\n\n# This manifest installs the calico/node container, as well\n# as the Calico CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: extensions/v1beta1\nmetadata:\n name: canal\n namespace: kube-system\n labels:\n k8s-app: canal\nspec:\n selector:\n matchLabels:\n k8s-app: canal\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: canal\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n tolerations:\n # Make sure canal gets scheduled on all nodes.\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: canal\n {{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n initContainers:\n # This container installs the Calico CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-canal.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n securityContext:\n privileged: true\n containers:\n # Runs calico/node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Configure route aggregation based on pod CIDR.\n - name: USE_POD_CIDR\n value: \"true\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Don't enable BGP.\n - name: CALICO_NETWORKING_BACKEND\n value: \"none\"\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,canal\"\n # Period, in seconds, at which felix re-applies all iptables state\n - name: FELIX_IPTABLESREFRESHINTERVAL\n value: \"60\"\n # No IP address needed.\n - name: IP\n value: \"\"\n # The default IPv4 pool to create on startup if none exists. Pod IPs will be\n # chosen from this range. Changing this value after installation will have\n # no effect. This should fall within --cluster-cidr.\n - name: CALICO_IPV4POOL_CIDR\n value: \"192.168.0.0/16\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n httpGet:\n path: /readiness\n port: 9099\n host: localhost\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n # This container runs flannel using the kube-subnet-mgr backend\n # for allocating subnets.\n - name: kube-flannel\n image: {{.CanalFlannelImg}}\n command: [ \"/opt/bin/flanneld\", \"--ip-masq\", \"--kube-subnet-mgr\" ]\n securityContext:\n privileged: true\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: FLANNELD_IFACE\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: canal_iface\n - name: FLANNELD_IP_MASQ\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: masquerade\n volumeMounts:\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - name: flannel-cfg\n mountPath: /etc/kube-flannel/\n volumes:\n # Used by calico/node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used by flannel.\n - name: flannel-cfg\n configMap:\n name: canal-config\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: canal\n namespace: kube-system\n\n---\n\n# Create all the CustomResourceDefinitions needed for\n# Calico policy and networking mode.\n\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n", + "canal-v1.16": "\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Canal installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: canal-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # The interface used by canal for host \u003c-\u003e host communication.\n # If left blank, then the interface is chosen using the node's\n # default route.\n canal_iface: \"{{.CanalInterface}}\"\n # Whether or not to masquerade traffic to destinations not within\n # the pod network.\n masquerade: \"true\"\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n \"mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\",\n \"k8s_auth_token\": \"__SERVICEACCOUNT_TOKEN__\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n\n # Flannel network configuration. Mounted into the flannel container.\n net-conf.json: |\n {\n \"Network\": \"{{.ClusterCIDR}}\",\n \"Backend\": {\n \"Type\": \"{{.FlannelBackend.Type}}\"\n }\n }\n\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n{{if eq .RBACConfig \"rbac\"}}\n---\n# Source: calico/templates/rbac.yaml\n\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n---\n# Flannel ClusterRole\n# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: flannel\nrules:\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - list\n - watch\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n - patch\n---\n# Bind the flannel ClusterRole to the canal ServiceAccount.\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: flannel\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: flannel\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the canal container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: canal\n namespace: kube-system\n labels:\n k8s-app: canal\nspec:\n selector:\n matchLabels:\n k8s-app: canal\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: canal\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n tolerations:\n # Tolerate this effect so the pods will be schedulable at all times\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n - key: \"node-role.kubernetes.io/controlplane\"\n operator: \"Exists\"\n effect: \"NoSchedule\"\n - key: \"node-role.kubernetes.io/etcd\"\n operator: \"Exists\"\n effect: \"NoExecute\"\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: canal\n {{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n priorityClassName: system-node-critical\n initContainers:\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-canal.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes\n # to communicate with Felix over the Policy Sync API.\n - name: flexvol-driver\n image: {{.FlexVolImg}}\n volumeMounts:\n - name: flexvol-driver-host\n mountPath: /host/driver\n containers:\n # Runs canal container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Configure route aggregation based on pod CIDR.\n - name: USE_POD_CIDR\n value: \"true\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Don't enable BGP.\n - name: CALICO_NETWORKING_BACKEND\n value: \"none\"\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,canal\"\n # Period, in seconds, at which felix re-applies all iptables state\n - name: FELIX_IPTABLESREFRESHINTERVAL\n value: \"60\"\n # No IP address needed.\n - name: IP\n value: \"\"\n - name: CALICO_IPV4POOL_CIDR\n value: \"192.168.0.0/16\"\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n httpGet:\n path: /readiness\n port: 9099\n host: localhost\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n - name: policysync\n mountPath: /var/run/nodeagent\n # This container runs flannel using the kube-subnet-mgr backend\n # for allocating subnets.\n - name: kube-flannel\n image: {{.CanalFlannelImg}}\n command: [ \"/opt/bin/flanneld\", \"--ip-masq\", \"--kube-subnet-mgr\" ]\n securityContext:\n privileged: true\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: FLANNELD_IFACE\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: canal_iface\n - name: FLANNELD_IP_MASQ\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: masquerade\n volumeMounts:\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - name: flannel-cfg\n mountPath: /etc/kube-flannel/\n volumes:\n # Used by canal.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used by flannel.\n - name: flannel-cfg\n configMap:\n name: canal-config\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Used to create per-pod Unix Domain Sockets\n - name: policysync\n hostPath:\n type: DirectoryOrCreate\n path: /var/run/nodeagent\n # Used to install Flex Volume Driver\n - name: flexvol-driver-host\n hostPath:\n type: DirectoryOrCreate\n{{- if .FlexVolPluginDir }}\n path: {{.FlexVolPluginDir}}\n{{- else }}\n path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds\n{{- end }}\n---\n\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: canal\n namespace: kube-system\n", + "canal-v1.17": "\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Canal installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: canal-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # The interface used by canal for host \u003c-\u003e host communication.\n # If left blank, then the interface is chosen using the node's\n # default route.\n canal_iface: \"{{.CanalInterface}}\"\n # Whether or not to masquerade traffic to destinations not within\n # the pod network.\n masquerade: \"true\"\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n \"mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\",\n \"k8s_auth_token\": \"__SERVICEACCOUNT_TOKEN__\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n\n # Flannel network configuration. Mounted into the flannel container.\n net-conf.json: |\n {\n \"Network\": \"{{.ClusterCIDR}}\",\n \"Backend\": {\n \"Type\": \"{{.FlannelBackend.Type}}\"\n }\n }\n\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n{{if eq .RBACConfig \"rbac\"}}\n---\n# Source: calico/templates/rbac.yaml\n\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n - blockaffinities\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n---\n# Flannel ClusterRole\n# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: flannel\nrules:\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - list\n - watch\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n - patch\n---\n# Bind the flannel ClusterRole to the canal ServiceAccount.\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: flannel\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: flannel\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the canal container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: canal\n namespace: kube-system\n labels:\n k8s-app: canal\nspec:\n selector:\n matchLabels:\n k8s-app: canal\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: canal\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n tolerations:\n # Tolerate this effect so the pods will be schedulable at all times\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n - key: \"node-role.kubernetes.io/controlplane\"\n operator: \"Exists\"\n effect: \"NoSchedule\"\n - key: \"node-role.kubernetes.io/etcd\"\n operator: \"Exists\"\n effect: \"NoExecute\"\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: canal\n {{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n priorityClassName: system-node-critical\n initContainers:\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-canal.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes\n # to communicate with Felix over the Policy Sync API.\n - name: flexvol-driver\n image: {{.FlexVolImg}}\n volumeMounts:\n - name: flexvol-driver-host\n mountPath: /host/driver\n containers:\n # Runs canal container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Configure route aggregation based on pod CIDR.\n - name: USE_POD_CIDR\n value: \"true\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Don't enable BGP.\n - name: CALICO_NETWORKING_BACKEND\n value: \"none\"\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,canal\"\n # Period, in seconds, at which felix re-applies all iptables state\n - name: FELIX_IPTABLESREFRESHINTERVAL\n value: \"60\"\n # No IP address needed.\n - name: IP\n value: \"\"\n - name: CALICO_IPV4POOL_CIDR\n value: \"192.168.0.0/16\"\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n httpGet:\n path: /readiness\n port: 9099\n host: localhost\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n - name: policysync\n mountPath: /var/run/nodeagent\n # This container runs flannel using the kube-subnet-mgr backend\n # for allocating subnets.\n - name: kube-flannel\n image: {{.CanalFlannelImg}}\n command: [ \"/opt/bin/flanneld\", \"--ip-masq\", \"--kube-subnet-mgr\" ]\n securityContext:\n privileged: true\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: FLANNELD_IFACE\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: canal_iface\n - name: FLANNELD_IP_MASQ\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: masquerade\n volumeMounts:\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - name: flannel-cfg\n mountPath: /etc/kube-flannel/\n volumes:\n # Used by canal.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used by flannel.\n - name: flannel-cfg\n configMap:\n name: canal-config\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Used to create per-pod Unix Domain Sockets\n - name: policysync\n hostPath:\n type: DirectoryOrCreate\n path: /var/run/nodeagent\n # Used to install Flex Volume Driver\n - name: flexvol-driver-host\n hostPath:\n type: DirectoryOrCreate\n{{- if .FlexVolPluginDir }}\n path: {{.FlexVolPluginDir}}\n{{- else }}\n path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds\n{{- end }}\n---\n\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: canal\n namespace: kube-system\n", + "canal-v1.17-privileged": "\n---\n# Source: calico/templates/calico-config.yaml\n# This ConfigMap is used to configure a self-hosted Canal installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: canal-config\n namespace: kube-system\ndata:\n # Typha is disabled.\n typha_service_name: \"none\"\n # The interface used by canal for host \u003c-\u003e host communication.\n # If left blank, then the interface is chosen using the node's\n # default route.\n canal_iface: \"{{.CanalInterface}}\"\n # Whether or not to masquerade traffic to destinations not within\n # the pod network.\n masquerade: \"true\"\n\n # The CNI network configuration to install on each node. The special\n # values in this config will be automatically populated.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.1\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n{{- if .MTU }}\n{{- if ne .MTU 0 }}\n \"mtu\": {{.MTU}},\n{{- end}}\n{{- end}}\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\",\n \"k8s_auth_token\": \"__SERVICEACCOUNT_TOKEN__\"\n },\n \"kubernetes\": {\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n\n # Flannel network configuration. Mounted into the flannel container.\n net-conf.json: |\n {\n \"Network\": \"{{.ClusterCIDR}}\",\n \"Backend\": {\n \"Type\": \"{{.FlannelBackend.Type}}\"\n }\n }\n\n---\n# Source: calico/templates/kdd-crds.yaml\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networksets.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkSet\n plural: networksets\n singular: networkset\n{{if eq .RBACConfig \"rbac\"}}\n---\n# Source: calico/templates/rbac.yaml\n\n# Include a clusterrole for the calico-node DaemonSet,\n# and bind it to the calico-node serviceaccount.\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: calico-node\nrules:\n # The CNI plugin needs to get pods, nodes, and namespaces.\n - apiGroups: [\"\"]\n resources:\n - pods\n - nodes\n - namespaces\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n - services\n verbs:\n # Used to discover service IPs for advertisement.\n - watch\n - list\n # Used to discover Typhas.\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n # Needed for clearing NodeNetworkUnavailable flag.\n - patch\n # Calico stores some configuration information in node annotations.\n - update\n # Watch for changes to Kubernetes NetworkPolicies.\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - watch\n - list\n # Used by Calico for policy information.\n - apiGroups: [\"\"]\n resources:\n - pods\n - namespaces\n - serviceaccounts\n verbs:\n - list\n - watch\n # The CNI plugin patches pods/status.\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - patch\n # Calico monitors various CRDs for config.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - ipamblocks\n - globalnetworkpolicies\n - globalnetworksets\n - networkpolicies\n - networksets\n - clusterinformations\n - hostendpoints\n - blockaffinities\n verbs:\n - get\n - list\n - watch\n # Calico must create and update some CRDs on startup.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - ippools\n - felixconfigurations\n - clusterinformations\n verbs:\n - create\n - update\n # Calico stores some configuration information on the node.\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - watch\n # These permissions are only requried for upgrade from v2.6, and can\n # be removed after upgrade or on fresh installations.\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - bgpconfigurations\n - bgppeers\n verbs:\n - create\n - update\n---\n# Flannel ClusterRole\n# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: flannel\nrules:\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - list\n - watch\n - apiGroups: [\"\"]\n resources:\n - nodes/status\n verbs:\n - patch\n---\n# Bind the flannel ClusterRole to the canal ServiceAccount.\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: flannel\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: flannel\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: calico-node\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico-node\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n---\n# Source: calico/templates/calico-node.yaml\n# This manifest installs the canal container, as well\n# as the CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: apps/v1\nmetadata:\n name: canal\n namespace: kube-system\n labels:\n k8s-app: canal\nspec:\n selector:\n matchLabels:\n k8s-app: canal\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: canal\n annotations:\n # This, along with the CriticalAddonsOnly toleration below,\n # marks the pod as a critical add-on, ensuring it gets\n # priority scheduling and that its resources are reserved\n # if it ever gets evicted.\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n tolerations:\n # Tolerate this effect so the pods will be schedulable at all times\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n - key: \"node-role.kubernetes.io/controlplane\"\n operator: \"Exists\"\n effect: \"NoSchedule\"\n - key: \"node-role.kubernetes.io/etcd\"\n operator: \"Exists\"\n effect: \"NoExecute\"\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: canal\n {{end}}\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n priorityClassName: system-node-critical\n initContainers:\n # This container installs the CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n # Name of the CNI config file to create.\n - name: CNI_CONF_NAME\n value: \"10-canal.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: cni_network_config\n # Set the hostname based on the k8s node name.\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Prevents the container from sleeping forever.\n - name: SLEEP\n value: \"false\"\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n securityContext:\n privileged: true\n # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes\n # to communicate with Felix over the Policy Sync API.\n - name: flexvol-driver\n image: {{.FlexVolImg}}\n volumeMounts:\n - name: flexvol-driver-host\n mountPath: /host/driver\n securityContext:\n privileged: true\n containers:\n # Runs canal container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Configure route aggregation based on pod CIDR.\n - name: USE_POD_CIDR\n value: \"true\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # Set based on the k8s node name.\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Don't enable BGP.\n - name: CALICO_NETWORKING_BACKEND\n value: \"none\"\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,canal\"\n # Period, in seconds, at which felix re-applies all iptables state\n - name: FELIX_IPTABLESREFRESHINTERVAL\n value: \"60\"\n # No IP address needed.\n - name: IP\n value: \"\"\n - name: CALICO_IPV4POOL_CIDR\n value: \"192.168.0.0/16\"\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n # Disable IPv6 on Kubernetes.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n host: localhost\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n httpGet:\n path: /readiness\n port: 9099\n host: localhost\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n - name: policysync\n mountPath: /var/run/nodeagent\n # This container runs flannel using the kube-subnet-mgr backend\n # for allocating subnets.\n - name: kube-flannel\n image: {{.CanalFlannelImg}}\n command: [ \"/opt/bin/flanneld\", \"--ip-masq\", \"--kube-subnet-mgr\" ]\n securityContext:\n privileged: true\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: FLANNELD_IFACE\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: canal_iface\n - name: FLANNELD_IP_MASQ\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: masquerade\n volumeMounts:\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - name: flannel-cfg\n mountPath: /etc/kube-flannel/\n volumes:\n # Used by canal.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n # Used by flannel.\n - name: flannel-cfg\n configMap:\n name: canal-config\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Used to create per-pod Unix Domain Sockets\n - name: policysync\n hostPath:\n type: DirectoryOrCreate\n path: /var/run/nodeagent\n # Used to install Flex Volume Driver\n - name: flexvol-driver-host\n hostPath:\n type: DirectoryOrCreate\n{{- if .FlexVolPluginDir }}\n path: {{.FlexVolPluginDir}}\n{{- else }}\n path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds\n{{- end }}\n---\n\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: canal\n namespace: kube-system\n", "canal-v1.8": "\n{{if eq .RBACConfig \"rbac\"}}\n# Calico Roles\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: calico\nrules:\n - apiGroups: [\"\"]\n resources:\n - namespaces\n verbs:\n - get\n - list\n - watch\n - apiGroups: [\"\"]\n resources:\n - pods/status\n verbs:\n - update\n - apiGroups: [\"\"]\n resources:\n - pods\n verbs:\n - get\n - list\n - watch\n - patch\n - apiGroups: [\"\"]\n resources:\n - services\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - endpoints\n verbs:\n - get\n - apiGroups: [\"\"]\n resources:\n - nodes\n verbs:\n - get\n - list\n - update\n - watch\n - apiGroups: [\"networking.k8s.io\"]\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - apiGroups: [\"crd.projectcalico.org\"]\n resources:\n - globalfelixconfigs\n - felixconfigurations\n - bgppeers\n - globalbgpconfigs\n - bgpconfigurations\n - ippools\n - globalnetworkpolicies\n - networkpolicies\n - clusterinformations\n - hostendpoints\n - globalnetworksets\n verbs:\n - create\n - get\n - list\n - update\n - watch\n\n---\n\n# Flannel roles\n# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: flannel\nrules:\n - apiGroups:\n - \"\"\n resources:\n - pods\n verbs:\n - get\n - apiGroups:\n - \"\"\n resources:\n - nodes\n verbs:\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - nodes/status\n verbs:\n - patch\n---\n\n# Bind the flannel ClusterRole to the canal ServiceAccount.\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1beta1\nmetadata:\n name: canal-flannel\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: flannel\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n\n---\n\n# Bind the calico ClusterRole to the canal ServiceAccount.\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: canal-calico\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: calico\nsubjects:\n- kind: ServiceAccount\n name: canal\n namespace: kube-system\n- apiGroup: rbac.authorization.k8s.io\n kind: Group\n name: system:nodes\n{{end}}\n\n# Canal Version v3.1.1\n# https://docs.projectcalico.org/v3.1/releases#v3.1.1\n# This manifest includes the following component versions:\n# calico/node:v3.1.1\n# calico/cni:v3.1.1\n# coreos/flannel:v0.9.1\n\n---\n# This ConfigMap can be used to configure a self-hosted Canal installation.\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: canal-config\n namespace: kube-system\ndata:\n # The interface used by canal for host \u003c-\u003e host communication.\n # If left blank, then the interface is chosen using the node's\n # default route.\n canal_iface: \"{{.CanalInterface}}\"\n\n # Whether or not to masquerade traffic to destinations not within\n # the pod network.\n masquerade: \"true\"\n\n # The CNI network configuration to install on each node.\n cni_network_config: |-\n {\n \"name\": \"k8s-pod-network\",\n \"cniVersion\": \"0.3.0\",\n \"plugins\": [\n {\n \"type\": \"calico\",\n \"log_level\": \"WARNING\",\n \"datastore_type\": \"kubernetes\",\n \"nodename\": \"__KUBERNETES_NODE_NAME__\",\n \"ipam\": {\n \"type\": \"host-local\",\n \"subnet\": \"usePodCidr\"\n },\n \"policy\": {\n \"type\": \"k8s\",\n \"k8s_auth_token\": \"__SERVICEACCOUNT_TOKEN__\"\n },\n \"kubernetes\": {\n \"k8s_api_root\": \"https://__KUBERNETES_SERVICE_HOST__:__KUBERNETES_SERVICE_PORT__\",\n \"kubeconfig\": \"{{.KubeCfg}}\"\n }\n },\n {\n \"type\": \"portmap\",\n \"snat\": true,\n \"capabilities\": {\"portMappings\": true}\n }\n ]\n }\n\n # Flannel network configuration. Mounted into the flannel container.\n net-conf.json: |\n {\n \"Network\": \"{{.ClusterCIDR}}\",\n \"Backend\": {\n \"Type\": \"{{.FlannelBackend.Type}}\",\n \"VNI\": {{.FlannelBackend.VNI}},\n \"Port\": {{.FlannelBackend.Port}}\n }\n }\n\n---\n\n# This manifest installs the calico/node container, as well\n# as the Calico CNI plugins and network config on\n# each master and worker node in a Kubernetes cluster.\nkind: DaemonSet\napiVersion: extensions/v1beta1\nmetadata:\n name: canal\n namespace: kube-system\n labels:\n k8s-app: canal\nspec:\n selector:\n matchLabels:\n k8s-app: canal\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n template:\n metadata:\n labels:\n k8s-app: canal\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n serviceAccountName: canal\n tolerations:\n # Tolerate this effect so the pods will be schedulable at all times\n - effect: NoSchedule\n operator: Exists\n # Mark the pod as a critical add-on for rescheduling.\n - key: CriticalAddonsOnly\n operator: Exists\n - effect: NoExecute\n operator: Exists\n - key: \"node-role.kubernetes.io/controlplane\"\n operator: \"Exists\"\n effect: \"NoSchedule\"\n - key: \"node-role.kubernetes.io/etcd\"\n operator: \"Exists\"\n effect: \"NoExecute\"\n # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a \"force\n # deletion\": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.\n terminationGracePeriodSeconds: 0\n containers:\n # Runs calico/node container on each Kubernetes node. This\n # container programs network policy and routes on each\n # host.\n - name: calico-node\n image: {{.NodeImage}}\n env:\n # Use Kubernetes API as the backing datastore.\n - name: DATASTORE_TYPE\n value: \"kubernetes\"\n # Disable felix logging to file\n - name: FELIX_LOGFILEPATH\n value: \"none\"\n # Disable felix logging for syslog\n - name: FELIX_LOGSEVERITYSYS\n value: \"\"\n # Enable felix logging to stdout\n - name: FELIX_LOGSEVERITYSCREEN\n value: \"Warning\"\n # Don't enable BGP.\n - name: CALICO_NETWORKING_BACKEND\n value: \"none\"\n # Cluster type to identify the deployment type\n - name: CLUSTER_TYPE\n value: \"k8s,canal\"\n # Disable file logging so kubectl logs works.\n - name: CALICO_DISABLE_FILE_LOGGING\n value: \"true\"\n # Period, in seconds, at which felix re-applies all iptables state\n - name: FELIX_IPTABLESREFRESHINTERVAL\n value: \"60\"\n # Disable IPV6 support in Felix.\n - name: FELIX_IPV6SUPPORT\n value: \"false\"\n # Wait for the datastore.\n - name: WAIT_FOR_DATASTORE\n value: \"true\"\n # No IP address needed.\n - name: IP\n value: \"\"\n - name: NODENAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n # Set Felix endpoint to host default action to ACCEPT.\n - name: FELIX_DEFAULTENDPOINTTOHOSTACTION\n value: \"ACCEPT\"\n - name: FELIX_HEALTHENABLED\n value: \"true\"\n securityContext:\n privileged: true\n resources:\n requests:\n cpu: 250m\n livenessProbe:\n httpGet:\n path: /liveness\n port: 9099\n periodSeconds: 10\n initialDelaySeconds: 10\n failureThreshold: 6\n readinessProbe:\n httpGet:\n path: /readiness\n port: 9099\n periodSeconds: 10\n volumeMounts:\n - mountPath: /lib/modules\n name: lib-modules\n readOnly: true\n - mountPath: /var/run/calico\n name: var-run-calico\n readOnly: false\n - mountPath: /var/lib/calico\n name: var-lib-calico\n readOnly: false\n # This container installs the Calico CNI binaries\n # and CNI network config file on each node.\n - name: install-cni\n image: {{.CNIImage}}\n command: [\"/install-cni.sh\"]\n env:\n - name: CNI_CONF_NAME\n value: \"10-calico.conflist\"\n # The CNI network config to install on each node.\n - name: CNI_NETWORK_CONFIG\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: cni_network_config\n - name: KUBERNETES_NODE_NAME\n valueFrom:\n fieldRef:\n fieldPath: spec.nodeName\n volumeMounts:\n - mountPath: /host/opt/cni/bin\n name: cni-bin-dir\n - mountPath: /host/etc/cni/net.d\n name: cni-net-dir\n # This container runs flannel using the kube-subnet-mgr backend\n # for allocating subnets.\n - name: kube-flannel\n image: {{.CanalFlannelImg}}\n command: [ \"/opt/bin/flanneld\", \"--ip-masq\", \"--kube-subnet-mgr\" ]\n securityContext:\n privileged: true\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n - name: FLANNELD_IFACE\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: canal_iface\n - name: FLANNELD_IP_MASQ\n valueFrom:\n configMapKeyRef:\n name: canal-config\n key: masquerade\n volumeMounts:\n - name: run\n mountPath: /run\n - name: flannel-cfg\n mountPath: /etc/kube-flannel/\n - name: xtables-lock\n mountPath: /run/xtables.lock\n readOnly: false\n volumes:\n # Used by calico/node.\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: var-run-calico\n hostPath:\n path: /var/run/calico\n - name: var-lib-calico\n hostPath:\n path: /var/lib/calico\n # Used to install CNI.\n - name: cni-bin-dir\n hostPath:\n path: /opt/cni/bin\n - name: cni-net-dir\n hostPath:\n path: /etc/cni/net.d\n # Used by flannel.\n - name: run\n hostPath:\n path: /run\n - name: flannel-cfg\n configMap:\n name: canal-config\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n\n# Create all the CustomResourceDefinitions needed for\n# Calico policy-only mode.\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: felixconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: FelixConfiguration\n plural: felixconfigurations\n singular: felixconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: bgpconfigurations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: BGPConfiguration\n plural: bgpconfigurations\n singular: bgpconfiguration\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: ippools.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: IPPool\n plural: ippools\n singular: ippool\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: clusterinformations.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: ClusterInformation\n plural: clusterinformations\n singular: clusterinformation\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworkpolicies.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkPolicy\n plural: globalnetworkpolicies\n singular: globalnetworkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: networkpolicies.crd.projectcalico.org\nspec:\n scope: Namespaced\n group: crd.projectcalico.org\n version: v1\n names:\n kind: NetworkPolicy\n plural: networkpolicies\n singular: networkpolicy\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: globalnetworksets.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: GlobalNetworkSet\n plural: globalnetworksets\n singular: globalnetworkset\n\n---\n\napiVersion: apiextensions.k8s.io/v1beta1\nkind: CustomResourceDefinition\nmetadata:\n name: hostendpoints.crd.projectcalico.org\nspec:\n scope: Cluster\n group: crd.projectcalico.org\n version: v1\n names:\n kind: HostEndpoint\n plural: hostendpoints\n singular: hostendpoint\n\n---\n\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: canal\n namespace: kube-system\n", "coredns-v1.16": "\n---\n{{- if eq .RBACConfig \"rbac\"}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: coredns\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:coredns\nrules:\n- apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - nodes\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:coredns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:coredns\nsubjects:\n- kind: ServiceAccount\n name: coredns\n namespace: kube-system\n{{- end }}\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: coredns\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health\n ready\n kubernetes {{.ClusterDomain}} {{ if .ReverseCIDRs }}{{ .ReverseCIDRs }}{{ else }}{{ \"in-addr.arpa ip6.arpa\" }}{{ end }} {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n\t{{- if .UpstreamNameservers }}\n forward . {{range $i, $v := .UpstreamNameservers}}{{if $i}} {{end}}{{.}}{{end}}\n\t{{- else }}\n forward . \"/etc/resolv.conf\"\n\t{{- end }}\n cache 30\n loop\n reload\n loadbalance\n }\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: coredns\n namespace: kube-system\n labels:\n k8s-app: kube-dns\n kubernetes.io/name: \"CoreDNS\"\nspec:\n strategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n selector:\n matchLabels:\n k8s-app: kube-dns\n template:\n metadata:\n labels:\n k8s-app: kube-dns\n annotations:\n seccomp.security.alpha.kubernetes.io/pod: 'docker/default'\n spec:\n priorityClassName: system-cluster-critical\n{{- if eq .RBACConfig \"rbac\"}}\n serviceAccountName: coredns\n{{- end }}\n tolerations:\n - key: \"CriticalAddonsOnly\"\n operator: \"Exists\"\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n nodeSelector:\n beta.kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: node-role.kubernetes.io/worker\n operator: Exists\n containers:\n - name: coredns\n image: {{.CoreDNSImage}}\n imagePullPolicy: IfNotPresent\n resources:\n limits:\n memory: 170Mi\n requests:\n cpu: 100m\n memory: 70Mi\n args: [ \"-conf\", \"/etc/coredns/Corefile\" ]\n volumeMounts:\n - name: config-volume\n mountPath: /etc/coredns\n readOnly: true\n ports:\n - containerPort: 53\n name: dns\n protocol: UDP\n - containerPort: 53\n name: dns-tcp\n protocol: TCP\n - containerPort: 9153\n name: metrics\n protocol: TCP\n livenessProbe:\n httpGet:\n path: /health\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 60\n timeoutSeconds: 5\n successThreshold: 1\n failureThreshold: 5\n readinessProbe:\n httpGet:\n path: /ready\n port: 8181\n scheme: HTTP\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n add:\n - NET_BIND_SERVICE\n drop:\n - all\n readOnlyRootFilesystem: true\n dnsPolicy: Default\n volumes:\n - name: config-volume\n configMap:\n name: coredns\n items:\n - key: Corefile\n path: Corefile\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: kube-dns\n namespace: kube-system\n annotations:\n prometheus.io/port: \"9153\"\n prometheus.io/scrape: \"true\"\n labels:\n k8s-app: kube-dns\n kubernetes.io/cluster-service: \"true\"\n kubernetes.io/name: \"CoreDNS\"\nspec:\n selector:\n k8s-app: kube-dns\n clusterIP: {{.ClusterDNSServer}}\n ports:\n - name: dns\n port: 53\n protocol: UDP\n - name: dns-tcp\n port: 53\n protocol: TCP\n - name: metrics\n port: 9153\n protocol: TCP\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: coredns-autoscaler\n namespace: kube-system\n labels:\n k8s-app: coredns-autoscaler\nspec:\n selector:\n matchLabels:\n k8s-app: coredns-autoscaler\n template:\n metadata:\n labels:\n k8s-app: coredns-autoscaler\n spec:\n{{- if eq .RBACConfig \"rbac\"}}\n serviceAccountName: coredns-autoscaler\n{{- end }}\n nodeSelector:\n beta.kubernetes.io/os: linux\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: node-role.kubernetes.io/worker\n operator: Exists\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n containers:\n - name: autoscaler\n image: {{.CoreDNSAutoScalerImage}}\n resources:\n requests:\n cpu: \"20m\"\n memory: \"10Mi\"\n command:\n - /cluster-proportional-autoscaler\n - --namespace=kube-system\n - --configmap=coredns-autoscaler\n - --target=Deployment/coredns\n # When cluster is using large nodes(with more cores), \"coresPerReplica\" should dominate.\n # If using small nodes, \"nodesPerReplica\" should dominate.\n{{if .LinearAutoscalerParams}}\n - --default-params={\"linear\":{{.LinearAutoscalerParams}}}\n{{else}}\n - --default-params={\"linear\":{\"coresPerReplica\":128,\"nodesPerReplica\":4,\"min\":1,\"preventSinglePointFailure\":true}}\n{{end}}\n - --logtostderr=true\n - --v=2\n{{- if eq .RBACConfig \"rbac\"}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: coredns-autoscaler\n namespace: kube-system\n---\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: system:coredns-autoscaler\nrules:\n - apiGroups: [\"\"]\n resources: [\"nodes\"]\n verbs: [\"list\", \"watch\"]\n - apiGroups: [\"\"]\n resources: [\"replicationcontrollers/scale\"]\n verbs: [\"get\", \"update\"]\n - apiGroups: [\"extensions\",\"apps\"]\n resources: [\"deployments/scale\", \"replicasets/scale\"]\n verbs: [\"get\", \"update\"]\n - apiGroups: [\"\"]\n resources: [\"configmaps\"]\n verbs: [\"get\", \"create\"]\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: system:coredns-autoscaler\nsubjects:\n - kind: ServiceAccount\n name: coredns-autoscaler\n namespace: kube-system\nroleRef:\n kind: ClusterRole\n name: system:coredns-autoscaler\n apiGroup: rbac.authorization.k8s.io\n{{- end }}", "coredns-v1.17": "\n---\n{{- if eq .RBACConfig \"rbac\"}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: coredns\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:coredns\nrules:\n- apiGroups:\n - \"\"\n resources:\n - endpoints\n - services\n - pods\n - namespaces\n verbs:\n - list\n - watch\n- apiGroups:\n - \"\"\n resources:\n - nodes\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n annotations:\n rbac.authorization.kubernetes.io/autoupdate: \"true\"\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n name: system:coredns\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:coredns\nsubjects:\n- kind: ServiceAccount\n name: coredns\n namespace: kube-system\n{{- end }}\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: coredns\n namespace: kube-system\ndata:\n Corefile: |\n .:53 {\n errors\n health {\n lameduck 5s\n }\n ready\n kubernetes {{.ClusterDomain}} {{ if .ReverseCIDRs }}{{ .ReverseCIDRs }}{{ else }}{{ \"in-addr.arpa ip6.arpa\" }}{{ end }} {\n pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n prometheus :9153\n\t{{- if .UpstreamNameservers }}\n forward . {{range $i, $v := .UpstreamNameservers}}{{if $i}} {{end}}{{.}}{{end}}\n\t{{- else }}\n forward . \"/etc/resolv.conf\"\n\t{{- end }}\n cache 30\n loop\n reload\n loadbalance\n }\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: coredns\n namespace: kube-system\n labels:\n k8s-app: kube-dns\n kubernetes.io/name: \"CoreDNS\"\nspec:\n replicas: 1\n strategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n type: RollingUpdate\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n selector:\n matchLabels:\n k8s-app: kube-dns\n template:\n metadata:\n labels:\n k8s-app: kube-dns\n annotations:\n seccomp.security.alpha.kubernetes.io/pod: 'docker/default'\n spec:\n priorityClassName: system-cluster-critical\n{{- if eq .RBACConfig \"rbac\"}}\n serviceAccountName: coredns\n{{- end }}\n tolerations:\n - key: \"CriticalAddonsOnly\"\n operator: \"Exists\"\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n nodeSelector:\n beta.kubernetes.io/os: linux\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: node-role.kubernetes.io/worker\n operator: Exists\n podAntiAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n - labelSelector:\n matchExpressions:\n - key: k8s-app\n operator: In\n values: [\"kube-dns\"]\n topologyKey: kubernetes.io/hostname\n containers:\n - name: coredns\n image: {{.CoreDNSImage}}\n imagePullPolicy: IfNotPresent\n resources:\n limits:\n memory: 170Mi\n requests:\n cpu: 100m\n memory: 70Mi\n args: [ \"-conf\", \"/etc/coredns/Corefile\" ]\n volumeMounts:\n - name: config-volume\n mountPath: /etc/coredns\n readOnly: true\n ports:\n - containerPort: 53\n name: dns\n protocol: UDP\n - containerPort: 53\n name: dns-tcp\n protocol: TCP\n - containerPort: 9153\n name: metrics\n protocol: TCP\n livenessProbe:\n httpGet:\n path: /health\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 60\n timeoutSeconds: 5\n successThreshold: 1\n failureThreshold: 5\n readinessProbe:\n httpGet:\n path: /ready\n port: 8181\n scheme: HTTP\n securityContext:\n allowPrivilegeEscalation: false\n capabilities:\n add:\n - NET_BIND_SERVICE\n drop:\n - all\n readOnlyRootFilesystem: true\n dnsPolicy: Default\n volumes:\n - name: config-volume\n configMap:\n name: coredns\n items:\n - key: Corefile\n path: Corefile\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: kube-dns\n namespace: kube-system\n annotations:\n prometheus.io/port: \"9153\"\n prometheus.io/scrape: \"true\"\n labels:\n k8s-app: kube-dns\n kubernetes.io/cluster-service: \"true\"\n kubernetes.io/name: \"CoreDNS\"\nspec:\n selector:\n k8s-app: kube-dns\n clusterIP: {{.ClusterDNSServer}}\n ports:\n - name: dns\n port: 53\n protocol: UDP\n - name: dns-tcp\n port: 53\n protocol: TCP\n - name: metrics\n port: 9153\n protocol: TCP\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: coredns-autoscaler\n namespace: kube-system\n labels:\n k8s-app: coredns-autoscaler\nspec:\n selector:\n matchLabels:\n k8s-app: coredns-autoscaler\n template:\n metadata:\n labels:\n k8s-app: coredns-autoscaler\n spec:\n{{- if eq .RBACConfig \"rbac\"}}\n serviceAccountName: coredns-autoscaler\n{{- end }}\n nodeSelector:\n beta.kubernetes.io/os: linux\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: node-role.kubernetes.io/worker\n operator: Exists\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n containers:\n - name: autoscaler\n image: {{.CoreDNSAutoScalerImage}}\n resources:\n requests:\n cpu: \"20m\"\n memory: \"10Mi\"\n command:\n - /cluster-proportional-autoscaler\n - --namespace=kube-system\n - --configmap=coredns-autoscaler\n - --target=Deployment/coredns\n # When cluster is using large nodes(with more cores), \"coresPerReplica\" should dominate.\n # If using small nodes, \"nodesPerReplica\" should dominate.\n{{if .LinearAutoscalerParams}}\n - --default-params={\"linear\":{{.LinearAutoscalerParams}}}\n{{else}}\n - --default-params={\"linear\":{\"coresPerReplica\":128,\"nodesPerReplica\":4,\"min\":1,\"preventSinglePointFailure\":true}}\n{{end}}\n - --nodelabels=node-role.kubernetes.io/worker=true,beta.kubernetes.io/os=linux\n - --logtostderr=true\n - --v=2\n{{- if eq .RBACConfig \"rbac\"}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: coredns-autoscaler\n namespace: kube-system\n---\nkind: ClusterRole\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: system:coredns-autoscaler\nrules:\n - apiGroups: [\"\"]\n resources: [\"nodes\"]\n verbs: [\"list\", \"watch\"]\n - apiGroups: [\"\"]\n resources: [\"replicationcontrollers/scale\"]\n verbs: [\"get\", \"update\"]\n - apiGroups: [\"extensions\",\"apps\"]\n resources: [\"deployments/scale\", \"replicasets/scale\"]\n verbs: [\"get\", \"update\"]\n - apiGroups: [\"\"]\n resources: [\"configmaps\"]\n verbs: [\"get\", \"create\"]\n---\nkind: ClusterRoleBinding\napiVersion: rbac.authorization.k8s.io/v1\nmetadata:\n name: system:coredns-autoscaler\nsubjects:\n - kind: ServiceAccount\n name: coredns-autoscaler\n namespace: kube-system\nroleRef:\n kind: ClusterRole\n name: system:coredns-autoscaler\n apiGroup: rbac.authorization.k8s.io\n{{- end }}", @@ -3783,6 +3897,7 @@ "metricsserver-v1.8": "\n{{- if eq .RBACConfig \"rbac\"}}\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: metrics-server:system:auth-delegator\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:auth-delegator\nsubjects:\n- kind: ServiceAccount\n name: metrics-server\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: RoleBinding\nmetadata:\n name: metrics-server-auth-reader\n namespace: kube-system\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: Role\n name: extension-apiserver-authentication-reader\nsubjects:\n- kind: ServiceAccount\n name: metrics-server\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRole\nmetadata:\n name: system:metrics-server\nrules:\n- apiGroups:\n - \"\"\n resources:\n - pods\n - nodes\n - nodes/stats\n - namespaces\n verbs:\n - get\n - list\n - watch\n- apiGroups:\n - \"extensions\"\n resources:\n - deployments\n verbs:\n - get\n - list\n - watch\n---\napiVersion: rbac.authorization.k8s.io/v1\nkind: ClusterRoleBinding\nmetadata:\n name: system:metrics-server\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: system:metrics-server\nsubjects:\n- kind: ServiceAccount\n name: metrics-server\n namespace: kube-system\n{{- end }}\n---\napiVersion: apiregistration.k8s.io/v1beta1\nkind: APIService\nmetadata:\n name: v1beta1.metrics.k8s.io\nspec:\n service:\n name: metrics-server\n namespace: kube-system\n group: metrics.k8s.io\n version: v1beta1\n insecureSkipTLSVerify: true\n groupPriorityMinimum: 100\n versionPriority: 100\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: metrics-server\n namespace: kube-system\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: metrics-server\n namespace: kube-system\n labels:\n k8s-app: metrics-server\nspec:\n{{if .Replicas}}\n replicas: {{.Replicas}}\n{{end}}\n selector:\n matchLabels:\n k8s-app: metrics-server\n{{if .UpdateStrategy}}\n strategy:\n{{ toYaml .UpdateStrategy | indent 4}}\n{{end}}\n template:\n metadata:\n name: metrics-server\n labels:\n k8s-app: metrics-server\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n - key: node-role.kubernetes.io/worker\n operator: Exists\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n serviceAccountName: metrics-server\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n containers:\n - name: metrics-server\n image: {{ .MetricsServerImage }}\n imagePullPolicy: Always\n command:\n - /metrics-server\n {{- if eq .Version \"v0.3\" }}\n - --kubelet-insecure-tls\n - --kubelet-preferred-address-types=InternalIP\n - --logtostderr\n {{- else }}\n - --source=kubernetes.summary_api:https://kubernetes.default.svc?kubeletHttps=true\u0026kubeletPort=10250\u0026useServiceAccount=true\u0026insecure=true\n {{- end }}\n {{ range $k,$v := .Options }}\n - --{{ $k }}={{ $v }}\n {{ end }}\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: metrics-server\n namespace: kube-system\n labels:\n kubernetes.io/name: \"Metrics-server\"\nspec:\n selector:\n k8s-app: metrics-server\n ports:\n - port: 443\n protocol: TCP\n targetPort: 443\n", "nginxingress-v1.15": "\napiVersion: v1\nkind: Namespace\nmetadata:\n name: ingress-nginx\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: nginx-configuration\n namespace: ingress-nginx\n labels:\n app: ingress-nginx\ndata:\n{{ range $k,$v := .Options }}\n {{ $k }}: \"{{ $v }}\"\n{{ end }}\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: tcp-services\n namespace: ingress-nginx\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: udp-services\n namespace: ingress-nginx\n{{if eq .RBACConfig \"rbac\"}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: nginx-ingress-serviceaccount\n namespace: ingress-nginx\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n name: nginx-ingress-clusterrole\nrules:\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - nodes\n - pods\n - secrets\n verbs:\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - nodes\n verbs:\n - get\n - apiGroups:\n - \"\"\n resources:\n - services\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - \"extensions\"\n - \"networking.k8s.io\"\n resources:\n - ingresses\n - daemonsets\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n - apiGroups:\n - \"extensions\"\n - \"networking.k8s.io\"\n resources:\n - ingresses/status\n verbs:\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: Role\nmetadata:\n name: nginx-ingress-role\n namespace: ingress-nginx\nrules:\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n - pods\n - secrets\n - namespaces\n verbs:\n - get\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n resourceNames:\n # Defaults to \"\u003celection-id\u003e-\u003cingress-class\u003e\"\n # Here: \"\u003cingress-controller-leader\u003e-\u003cnginx\u003e\"\n # This has to be adapted if you change either parameter\n # when launching the nginx-ingress-controller.\n - \"ingress-controller-leader-nginx\"\n verbs:\n - get\n - update\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - create\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: RoleBinding\nmetadata:\n name: nginx-ingress-role-nisa-binding\n namespace: ingress-nginx\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: Role\n name: nginx-ingress-role\nsubjects:\n - kind: ServiceAccount\n name: nginx-ingress-serviceaccount\n namespace: ingress-nginx\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: nginx-ingress-clusterrole-nisa-binding\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: nginx-ingress-clusterrole\nsubjects:\n - kind: ServiceAccount\n name: nginx-ingress-serviceaccount\n namespace: ingress-nginx\n{{ end }}\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: nginx-ingress-controller\n namespace: ingress-nginx\nspec:\n selector:\n matchLabels:\n app: ingress-nginx\n{{if .UpdateStrategy}}\n updateStrategy:\n{{ toYaml .UpdateStrategy | indent 4}}\n{{end}}\n template:\n metadata:\n labels:\n app: ingress-nginx\n annotations:\n prometheus.io/port: '10254'\n prometheus.io/scrape: 'true'\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n - key: node-role.kubernetes.io/worker\n operator: Exists\n hostNetwork: true\n {{if .DNSPolicy}}\n dnsPolicy: {{.DNSPolicy}}\n {{end}}\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: nginx-ingress-serviceaccount\n {{ end }}\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n {{- if ne .AlpineImage \"\"}}\n initContainers:\n - command:\n - sh\n - -c\n - sysctl -w net.core.somaxconn=32768; sysctl -w net.ipv4.ip_local_port_range=\"1024 65535\"\n image: {{.AlpineImage}}\n imagePullPolicy: IfNotPresent\n name: sysctl\n securityContext:\n privileged: true\n {{- end }}\n containers:\n - name: nginx-ingress-controller\n image: {{.IngressImage}}\n args:\n - /nginx-ingress-controller\n - --default-backend-service=$(POD_NAMESPACE)/default-http-backend\n - --configmap=$(POD_NAMESPACE)/nginx-configuration\n - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services\n - --udp-services-configmap=$(POD_NAMESPACE)/udp-services\n - --annotations-prefix=nginx.ingress.kubernetes.io\n {{ range $k, $v := .ExtraArgs }}\n - --{{ $k }}{{if ne $v \"\" }}={{ $v }}{{end}}\n {{ end }}\n {{- if eq .AlpineImage \"\"}}\n securityContext:\n capabilities:\n drop:\n - ALL\n add:\n - NET_BIND_SERVICE\n runAsUser: 33\n {{- end }}\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n{{if .ExtraEnvs}}\n{{ toYaml .ExtraEnvs | indent 12}}\n{{end}}\n ports:\n - name: http\n containerPort: 80\n - name: https\n containerPort: 443\n livenessProbe:\n failureThreshold: 3\n httpGet:\n path: /healthz\n port: 10254\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n readinessProbe:\n failureThreshold: 3\n httpGet:\n path: /healthz\n port: 10254\n scheme: HTTP\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n{{if .ExtraVolumeMounts}}\n volumeMounts:\n{{ toYaml .ExtraVolumeMounts | indent 12}}\n{{end}}\n{{if .ExtraVolumes}}\n volumes:\n{{ toYaml .ExtraVolumes | indent 8}}\n{{end}}\n\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: default-http-backend\n labels:\n app: default-http-backend\n namespace: ingress-nginx\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: default-http-backend\n template:\n metadata:\n labels:\n app: default-http-backend\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n - key: node-role.kubernetes.io/worker\n operator: Exists\n terminationGracePeriodSeconds: 60\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n containers:\n - name: default-http-backend\n # Any image is permissable as long as:\n # 1. It serves a 404 page at /\n # 2. It serves 200 on a /healthz endpoint\n image: {{.IngressBackend}}\n livenessProbe:\n httpGet:\n path: /healthz\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 5\n ports:\n - containerPort: 8080\n resources:\n limits:\n cpu: 10m\n memory: 20Mi\n requests:\n cpu: 10m\n memory: 20Mi\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: default-http-backend\n namespace: ingress-nginx\n labels:\n app: default-http-backend\nspec:\n ports:\n - port: 80\n targetPort: 8080\n selector:\n app: default-http-backend\n", "nginxingress-v1.8": "\napiVersion: v1\nkind: Namespace\nmetadata:\n name: ingress-nginx\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: nginx-configuration\n namespace: ingress-nginx\n labels:\n app: ingress-nginx\ndata:\n{{ range $k,$v := .Options }}\n {{ $k }}: \"{{ $v }}\"\n{{ end }}\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: tcp-services\n namespace: ingress-nginx\n---\nkind: ConfigMap\napiVersion: v1\nmetadata:\n name: udp-services\n namespace: ingress-nginx\n{{if eq .RBACConfig \"rbac\"}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: nginx-ingress-serviceaccount\n namespace: ingress-nginx\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n name: nginx-ingress-clusterrole\nrules:\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n - endpoints\n - nodes\n - pods\n - secrets\n verbs:\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - nodes\n verbs:\n - get\n - apiGroups:\n - \"\"\n resources:\n - services\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - \"extensions\"\n resources:\n - ingresses\n - daemonsets\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - \"\"\n resources:\n - events\n verbs:\n - create\n - patch\n - apiGroups:\n - \"extensions\"\n resources:\n - ingresses/status\n verbs:\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: Role\nmetadata:\n name: nginx-ingress-role\n namespace: ingress-nginx\nrules:\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n - pods\n - secrets\n - namespaces\n verbs:\n - get\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n resourceNames:\n # Defaults to \"\u003celection-id\u003e-\u003cingress-class\u003e\"\n # Here: \"\u003cingress-controller-leader\u003e-\u003cnginx\u003e\"\n # This has to be adapted if you change either parameter\n # when launching the nginx-ingress-controller.\n - \"ingress-controller-leader-nginx\"\n verbs:\n - get\n - update\n - apiGroups:\n - \"\"\n resources:\n - configmaps\n verbs:\n - create\n - apiGroups:\n - \"\"\n resources:\n - endpoints\n verbs:\n - get\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: RoleBinding\nmetadata:\n name: nginx-ingress-role-nisa-binding\n namespace: ingress-nginx\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: Role\n name: nginx-ingress-role\nsubjects:\n - kind: ServiceAccount\n name: nginx-ingress-serviceaccount\n namespace: ingress-nginx\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: nginx-ingress-clusterrole-nisa-binding\nroleRef:\n apiGroup: rbac.authorization.k8s.io\n kind: ClusterRole\n name: nginx-ingress-clusterrole\nsubjects:\n - kind: ServiceAccount\n name: nginx-ingress-serviceaccount\n namespace: ingress-nginx\n{{ end }}\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: nginx-ingress-controller\n namespace: ingress-nginx\nspec:\n selector:\n matchLabels:\n app: ingress-nginx\n{{if .UpdateStrategy}}\n updateStrategy:\n{{ toYaml .UpdateStrategy | indent 4}}\n{{end}}\n template:\n metadata:\n labels:\n app: ingress-nginx\n annotations:\n prometheus.io/port: '10254'\n prometheus.io/scrape: 'true'\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n - key: node-role.kubernetes.io/worker\n operator: Exists\n hostNetwork: true\n {{if .DNSPolicy}}\n dnsPolicy: {{.DNSPolicy}}\n {{end}}\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n {{if eq .RBACConfig \"rbac\"}}\n serviceAccountName: nginx-ingress-serviceaccount\n {{ end }}\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n {{- if ne .AlpineImage \"\"}}\n initContainers:\n - command:\n - sh\n - -c\n - sysctl -w net.core.somaxconn=32768; sysctl -w net.ipv4.ip_local_port_range=\"1024 65535\"\n image: {{.AlpineImage}}\n imagePullPolicy: IfNotPresent\n name: sysctl\n securityContext:\n privileged: true\n {{- end }}\n containers:\n - name: nginx-ingress-controller\n image: {{.IngressImage}}\n args:\n - /nginx-ingress-controller\n - --default-backend-service=$(POD_NAMESPACE)/default-http-backend\n - --configmap=$(POD_NAMESPACE)/nginx-configuration\n - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services\n - --udp-services-configmap=$(POD_NAMESPACE)/udp-services\n - --annotations-prefix=nginx.ingress.kubernetes.io\n {{ range $k, $v := .ExtraArgs }}\n - --{{ $k }}{{if ne $v \"\" }}={{ $v }}{{end}}\n {{ end }}\n {{- if eq .AlpineImage \"\"}}\n securityContext:\n capabilities:\n drop:\n - ALL\n add:\n - NET_BIND_SERVICE\n runAsUser: 33\n {{- end }}\n env:\n - name: POD_NAME\n valueFrom:\n fieldRef:\n fieldPath: metadata.name\n - name: POD_NAMESPACE\n valueFrom:\n fieldRef:\n fieldPath: metadata.namespace\n{{if .ExtraEnvs}}\n{{ toYaml .ExtraEnvs | indent 12}}\n{{end}}\n ports:\n - name: http\n containerPort: 80\n - name: https\n containerPort: 443\n livenessProbe:\n failureThreshold: 3\n httpGet:\n path: /healthz\n port: 10254\n scheme: HTTP\n initialDelaySeconds: 10\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n readinessProbe:\n failureThreshold: 3\n httpGet:\n path: /healthz\n port: 10254\n scheme: HTTP\n periodSeconds: 10\n successThreshold: 1\n timeoutSeconds: 1\n{{if .ExtraVolumeMounts}}\n volumeMounts:\n{{ toYaml .ExtraVolumeMounts | indent 12}}\n{{end}}\n{{if .ExtraVolumes}}\n volumes:\n{{ toYaml .ExtraVolumes | indent 8}}\n{{end}}\n\n---\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: default-http-backend\n labels:\n app: default-http-backend\n namespace: ingress-nginx\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: default-http-backend\n template:\n metadata:\n labels:\n app: default-http-backend\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n - key: node-role.kubernetes.io/worker\n operator: Exists\n terminationGracePeriodSeconds: 60\n tolerations:\n - effect: NoExecute\n operator: Exists\n - effect: NoSchedule\n operator: Exists\n containers:\n - name: default-http-backend\n # Any image is permissable as long as:\n # 1. It serves a 404 page at /\n # 2. It serves 200 on a /healthz endpoint\n image: {{.IngressBackend}}\n livenessProbe:\n httpGet:\n path: /healthz\n port: 8080\n scheme: HTTP\n initialDelaySeconds: 30\n timeoutSeconds: 5\n ports:\n - containerPort: 8080\n resources:\n limits:\n cpu: 10m\n memory: 20Mi\n requests:\n cpu: 10m\n memory: 20Mi\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: default-http-backend\n namespace: ingress-nginx\n labels:\n app: default-http-backend\nspec:\n ports:\n - port: 80\n targetPort: 8080\n selector:\n app: default-http-backend\n", + "nodelocal-v1.15": "\n{{- if eq .RBACConfig \"rbac\"}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: node-local-dns\n namespace: kube-system\n labels:\n kubernetes.io/cluster-service: \"true\"\n addonmanager.kubernetes.io/mode: Reconcile\n{{- end }}\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: kube-dns-upstream\n namespace: kube-system\n labels:\n k8s-app: kube-dns\n kubernetes.io/cluster-service: \"true\"\n addonmanager.kubernetes.io/mode: Reconcile\n kubernetes.io/name: \"KubeDNSUpstream\"\nspec:\n ports:\n - name: dns\n port: 53\n protocol: UDP\n targetPort: 53\n - name: dns-tcp\n port: 53\n protocol: TCP\n targetPort: 53\n selector:\n k8s-app: kube-dns\n---\napiVersion: v1\nkind: ConfigMap\nmetadata:\n name: node-local-dns\n namespace: kube-system\n labels:\n addonmanager.kubernetes.io/mode: Reconcile\ndata:\n Corefile: |\n {{.ClusterDomain}}:53 {\n errors\n cache {\n success 9984 30\n denial 9984 5\n }\n reload\n loop\n bind {{.IPAddress}} {{.ClusterDNSServer}}\n forward . __PILLAR__CLUSTER__DNS__ {\n force_tcp\n }\n prometheus :9253\n health {{.IPAddress}}:8080\n }\n in-addr.arpa:53 {\n errors\n cache 30\n reload\n loop\n bind {{.IPAddress}} {{.ClusterDNSServer}}\n forward . __PILLAR__CLUSTER__DNS__ {\n force_tcp\n }\n prometheus :9253\n }\n ip6.arpa:53 {\n errors\n cache 30\n reload\n loop\n bind {{.IPAddress}} {{.ClusterDNSServer}}\n forward . __PILLAR__CLUSTER__DNS__ {\n force_tcp\n }\n prometheus :9253\n }\n .:53 {\n errors\n cache 30\n reload\n loop\n bind {{.IPAddress}} {{.ClusterDNSServer}}\n forward . __PILLAR__UPSTREAM__SERVERS__ {\n force_tcp\n }\n prometheus :9253\n }\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n name: node-local-dns\n namespace: kube-system\n labels:\n k8s-app: node-local-dns\n kubernetes.io/cluster-service: \"true\"\n addonmanager.kubernetes.io/mode: Reconcile\nspec:\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 4}}\n{{else}}\n rollingUpdate:\n maxUnavailable: 1\n{{end}}\n selector:\n matchLabels:\n k8s-app: node-local-dns\n template:\n metadata:\n labels:\n k8s-app: node-local-dns\n spec:\n priorityClassName: system-node-critical\n{{- if eq .RBACConfig \"rbac\"}}\n serviceAccountName: node-local-dns\n{{- end }}\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n hostNetwork: true\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n dnsPolicy: Default # Don't use cluster DNS.\n tolerations:\n - operator: Exists\n containers:\n - name: node-cache\n image: {{.NodelocalImage}}\n resources:\n requests:\n cpu: 25m\n memory: 5Mi\n args: [ \"-localip\", \"{{.IPAddress}},{{.ClusterDNSServer}}\", \"-conf\", \"/etc/Corefile\", \"-upstreamsvc\", \"kube-dns-upstream\" ]\n securityContext:\n privileged: true\n ports:\n - containerPort: 53\n name: dns\n protocol: UDP\n - containerPort: 53\n name: dns-tcp\n protocol: TCP\n - containerPort: 9253\n name: metrics\n protocol: TCP\n livenessProbe:\n httpGet:\n host: {{.IPAddress}}\n path: /health\n port: 8080\n initialDelaySeconds: 60\n timeoutSeconds: 5\n volumeMounts:\n - mountPath: /run/xtables.lock\n name: xtables-lock\n readOnly: false\n - name: config-volume\n mountPath: /etc/coredns\n - name: kube-dns-config\n mountPath: /etc/kube-dns\n volumes:\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n type: FileOrCreate\n - name: kube-dns-config\n configMap:\n name: kube-dns\n optional: true\n - name: config-volume\n configMap:\n name: node-local-dns\n items:\n - key: Corefile\n path: Corefile.base\n", "weave-v1.16": "\n---\n# This ConfigMap can be used to configure a self-hosted Weave Net installation.\napiVersion: v1\nkind: List\nitems:\n - apiVersion: v1\n kind: ServiceAccount\n metadata:\n name: weave-net\n namespace: kube-system\n - apiVersion: apps/v1\n kind: DaemonSet\n metadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\n spec:\n selector:\n matchLabels:\n name: weave-net\n template:\n metadata:\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n scheduler.alpha.kubernetes.io/tolerations: \u003e-\n [{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"master\",\"effect\":\"NoSchedule\"}]\n labels:\n name: weave-net\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n containers:\n - name: weave\n command:\n - /home/weave/launch.sh\n env:\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: IPALLOC_RANGE\n value: \"{{.ClusterCIDR}}\"\n {{- if .WeavePassword}}\n - name: WEAVE_PASSWORD\n value: \"{{.WeavePassword}}\"\n {{- end}}\n {{- if .MTU }}\n {{- if ne .MTU 0 }}\n - name: WEAVE_MTU\n value: \"{{.MTU}}\"\n {{- end }}\n {{- end }}\n image: {{.Image}}\n readinessProbe:\n httpGet:\n host: 127.0.0.1\n path: /status\n port: 6784\n initialDelaySeconds: 30\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - name: weavedb\n mountPath: /weavedb\n - name: cni-bin\n mountPath: /host/opt\n - name: cni-bin2\n mountPath: /host/home\n - name: cni-conf\n mountPath: /host/etc\n - name: dbus\n mountPath: /host/var/lib/dbus\n - name: lib-modules\n mountPath: /lib/modules\n - name: xtables-lock\n mountPath: /run/xtables.lock\n - name: weave-npc\n env:\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n image: {{.CNIImage}}\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - name: xtables-lock\n mountPath: /run/xtables.lock\n - name: weave-plugins\n command:\n - /opt/rke-tools/weave-plugins-cni.sh\n image: {{.WeaveLoopbackImage}}\n securityContext:\n privileged: true\n volumeMounts:\n - name: cni-bin\n mountPath: /opt\n hostNetwork: true\n hostPID: true\n restartPolicy: Always\n securityContext:\n seLinuxOptions: {}\n serviceAccountName: weave-net\n tolerations:\n - operator: Exists\n effect: NoSchedule\n - operator: Exists\n effect: NoExecute\n volumes:\n - name: weavedb\n hostPath:\n path: /var/lib/weave\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-bin2\n hostPath:\n path: /home\n - name: cni-conf\n hostPath:\n path: /etc\n - name: dbus\n hostPath:\n path: /var/lib/dbus\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 8}}\n{{end}}\n type: RollingUpdate\n{{- if eq .RBACConfig \"rbac\"}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n name: weave-net\n labels:\n name: weave-net\nrules:\n - apiGroups:\n - ''\n resources:\n - pods\n - namespaces\n - nodes\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - networking.k8s.io\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - ''\n resources:\n - nodes/status\n verbs:\n - patch\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: weave-net\n labels:\n name: weave-net\nroleRef:\n kind: ClusterRole\n name: weave-net\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: weave-net\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: Role\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\nrules:\n - apiGroups:\n - ''\n resourceNames:\n - weave-net\n resources:\n - configmaps\n verbs:\n - get\n - update\n - apiGroups:\n - ''\n resources:\n - configmaps\n verbs:\n - create\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: RoleBinding\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\nroleRef:\n kind: Role\n name: weave-net\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: weave-net\n namespace: kube-system\n{{- end}}\n", "weave-v1.8": "\n---\n# This ConfigMap can be used to configure a self-hosted Weave Net installation.\napiVersion: v1\nkind: List\nitems:\n - apiVersion: v1\n kind: ServiceAccount\n metadata:\n name: weave-net\n namespace: kube-system\n - apiVersion: extensions/v1beta1\n kind: DaemonSet\n metadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\n spec:\n template:\n metadata:\n annotations:\n scheduler.alpha.kubernetes.io/critical-pod: ''\n scheduler.alpha.kubernetes.io/tolerations: \u003e-\n [{\"key\":\"dedicated\",\"operator\":\"Equal\",\"value\":\"master\",\"effect\":\"NoSchedule\"}]\n labels:\n name: weave-net\n spec:\n affinity:\n nodeAffinity:\n requiredDuringSchedulingIgnoredDuringExecution:\n nodeSelectorTerms:\n - matchExpressions:\n - key: beta.kubernetes.io/os\n operator: NotIn\n values:\n - windows\n{{if .NodeSelector}}\n nodeSelector:\n {{ range $k, $v := .NodeSelector }}\n {{ $k }}: \"{{ $v }}\"\n {{ end }}\n{{end}}\n containers:\n - name: weave\n command:\n - /home/weave/launch.sh\n env:\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n - name: IPALLOC_RANGE\n value: \"{{.ClusterCIDR}}\"\n {{- if .WeavePassword}}\n - name: WEAVE_PASSWORD\n value: \"{{.WeavePassword}}\"\n {{- end}}\n {{- if .MTU }}\n {{- if ne .MTU 0 }}\n - name: WEAVE_MTU\n value: \"{{.MTU}}\"\n {{- end }}\n {{- end }}\n image: {{.Image}}\n readinessProbe:\n httpGet:\n host: 127.0.0.1\n path: /status\n port: 6784\n initialDelaySeconds: 30\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - name: weavedb\n mountPath: /weavedb\n - name: cni-bin\n mountPath: /host/opt\n - name: cni-bin2\n mountPath: /host/home\n - name: cni-conf\n mountPath: /host/etc\n - name: dbus\n mountPath: /host/var/lib/dbus\n - name: lib-modules\n mountPath: /lib/modules\n - name: xtables-lock\n mountPath: /run/xtables.lock\n - name: weave-npc\n env:\n - name: HOSTNAME\n valueFrom:\n fieldRef:\n apiVersion: v1\n fieldPath: spec.nodeName\n image: {{.CNIImage}}\n resources:\n requests:\n cpu: 10m\n securityContext:\n privileged: true\n volumeMounts:\n - name: xtables-lock\n mountPath: /run/xtables.lock\n - name: weave-plugins\n command:\n - /opt/rke-tools/weave-plugins-cni.sh\n image: {{.WeaveLoopbackImage}}\n securityContext:\n privileged: true\n volumeMounts:\n - name: cni-bin\n mountPath: /opt\n hostNetwork: true\n hostPID: true\n restartPolicy: Always\n securityContext:\n seLinuxOptions: {}\n serviceAccountName: weave-net\n tolerations:\n - operator: Exists\n effect: NoSchedule\n - operator: Exists\n effect: NoExecute\n volumes:\n - name: weavedb\n hostPath:\n path: /var/lib/weave\n - name: cni-bin\n hostPath:\n path: /opt\n - name: cni-bin2\n hostPath:\n path: /home\n - name: cni-conf\n hostPath:\n path: /etc\n - name: dbus\n hostPath:\n path: /var/lib/dbus\n - name: lib-modules\n hostPath:\n path: /lib/modules\n - name: xtables-lock\n hostPath:\n path: /run/xtables.lock\n updateStrategy:\n{{if .UpdateStrategy}}\n{{ toYaml .UpdateStrategy | indent 8}}\n{{end}}\n type: RollingUpdate\n{{- if eq .RBACConfig \"rbac\"}}\n---\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRole\nmetadata:\n name: weave-net\n labels:\n name: weave-net\nrules:\n - apiGroups:\n - ''\n resources:\n - pods\n - namespaces\n - nodes\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - networking.k8s.io\n resources:\n - networkpolicies\n verbs:\n - get\n - list\n - watch\n - apiGroups:\n - ''\n resources:\n - nodes/status\n verbs:\n - patch\n - update\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: ClusterRoleBinding\nmetadata:\n name: weave-net\n labels:\n name: weave-net\nroleRef:\n kind: ClusterRole\n name: weave-net\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: weave-net\n namespace: kube-system\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: Role\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\nrules:\n - apiGroups:\n - ''\n resourceNames:\n - weave-net\n resources:\n - configmaps\n verbs:\n - get\n - update\n - apiGroups:\n - ''\n resources:\n - configmaps\n verbs:\n - create\n---\napiVersion: rbac.authorization.k8s.io/v1beta1\nkind: RoleBinding\nmetadata:\n name: weave-net\n labels:\n name: weave-net\n namespace: kube-system\nroleRef:\n kind: Role\n name: weave-net\n apiGroup: rbac.authorization.k8s.io\nsubjects:\n - kind: ServiceAccount\n name: weave-net\n namespace: kube-system\n{{- end}}\n" }, @@ -3851,7 +3966,7 @@ }, "RKEDefaultK8sVersions": { "0.3": "v1.16.3-rancher1-1", - "default": "v1.17.3-rancher1-1" + "default": "v1.17.3-rancher1-2" }, "K8sVersionDockerInfo": { "1.10": [ @@ -4061,24 +4176,73 @@ }, "CisConfigParams": { "default": { - "benchmarkVersion": "rke-cis-1.4" + "benchmarkVersion": "rke-cis-1.5" }, "v1.15": { - "benchmarkVersion": "rke-cis-1.4" + "benchmarkVersion": "rke-cis-1.5" + }, + "v1.16": { + "benchmarkVersion": "rke-cis-1.5" + }, + "v1.17": { + "benchmarkVersion": "rke-cis-1.5" + }, + "v1.18": { + "benchmarkVersion": "rke-cis-1.5" } }, "CisBenchmarkVersionInfo": { "cis-1.4": { - "minKubernetesVersion": "1.13" + "managed": false, + "minKubernetesVersion": "1.13", + "skippedChecks": null, + "notApplicableChecks": null }, "cis-1.5": { - "minKubernetesVersion": "1.15" + "managed": false, + "minKubernetesVersion": "1.15", + "skippedChecks": null, + "notApplicableChecks": null }, "rke-cis-1.4": { - "minKubernetesVersion": "1.13" + "managed": true, + "minKubernetesVersion": "1.13", + "skippedChecks": {}, + "notApplicableChecks": {} }, "rke-cis-1.5": { - "minKubernetesVersion": "1.15" + "managed": true, + "minKubernetesVersion": "1.15", + "skippedChecks": { + "5.2.2": "Enabling Pod Security Policy can cause issues with many helm chart installations", + "5.2.3": "Enabling Pod Security Policy can cause issues with many helm chart installations", + "5.2.4": "Enabling Pod Security Policy can cause issues with many helm chart installations", + "5.2.5": "Enabling Pod Security Policy can cause issues with many helm chart installations", + "5.3.2": "Enabling Network Policies can cause lot of unintended network traffic disruptions", + "5.6.4": "A default namespace provides a flexible workspace to try out various deployments" + }, + "notApplicableChecks": { + "1.1.1": "Cluster provisioned by RKE doesn't require or maintain a configuration file for kube-apiserver.\nAll configuration is passed in as arguments at container run time.", + "1.1.2": "Cluster provisioned by RKE doesn't require or maintain a configuration file for kube-apiserver.\nAll configuration is passed in as arguments at container run time.", + "1.1.3": "Cluster provisioned by RKE doesn't require or maintain a configuration file for kube-apiserver.\nAll configuration is passed in as arguments at container run time.", + "1.1.4": "Cluster provisioned by RKE doesn't require or maintain a configuration file for kube-apiserver.\nAll configuration is passed in as arguments at container run time.", + "1.1.5": "Cluster provisioned by RKE doesn't require or maintain a configuration file for kube-apiserver.\nAll configuration is passed in as arguments at container run time.", + "1.1.6": "Cluster provisioned by RKE doesn't require or maintain a configuration file for kube-apiserver.\nAll configuration is passed in as arguments at container run time.", + "1.1.7": "Cluster provisioned by RKE doesn't require or maintain a configuration file for kube-apiserver.\nAll configuration is passed in as arguments at container run time.", + "1.1.8": "Cluster provisioned by RKE doesn't require or maintain a configuration file for kube-apiserver.\nAll configuration is passed in as arguments at container run time." + } } + }, + "k3s": { + "channels": [ + { + "latest": "v1.17.3+k3s1", + "name": "v1.17" + }, + { + "latest": "v1.16.7+k3s1", + "name": "v1.16" + } + ] } } \ No newline at end of file diff --git a/go.mod b/go.mod index 0cee8994..1633dfaf 100644 --- a/go.mod +++ b/go.mod @@ -9,16 +9,14 @@ replace ( require ( github.com/Masterminds/sprig/v3 v3.0.0 - github.com/Microsoft/go-winio v0.4.11 // indirect github.com/blang/semver v3.5.1+incompatible github.com/containerd/containerd v1.3.0-beta.0.0.20190808172034-23faecfb66ab // indirect - github.com/coreos/bbolt v1.3.3 // indirect - github.com/coreos/etcd v3.3.15+incompatible + github.com/coreos/etcd v3.3.17+incompatible github.com/coreos/go-semver v0.3.0 github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f // indirect github.com/docker/distribution v2.7.1+incompatible github.com/docker/docker v0.7.3-0.20190808172531-150530564a14 - github.com/docker/go-connections v0.3.0 + github.com/docker/go-connections v0.4.0 github.com/ghodss/yaml v1.0.0 github.com/go-bindata/go-bindata v3.1.2+incompatible github.com/go-ini/ini v1.37.0 @@ -26,10 +24,9 @@ require ( github.com/mattn/go-colorable v0.1.2 github.com/mcuadros/go-version v0.0.0-20180611085657-6d5863ca60fa github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c // indirect - github.com/opencontainers/image-spec v1.0.1 // indirect github.com/pkg/errors v0.8.1 github.com/rancher/norman v0.0.0-20200211155126-fc45a55d4dfd - github.com/rancher/types v0.0.0-20200226215232-12620b5bd7ff + github.com/rancher/types v0.0.0-20200303162837-300a04e6f743 github.com/sirupsen/logrus v1.4.2 github.com/stretchr/testify v1.4.0 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 // indirect diff --git a/go.sum b/go.sum index 1335dcdd..1bf6cd36 100644 --- a/go.sum +++ b/go.sum @@ -1,6 +1,8 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.37.4/go.mod h1:NHPJ89PdicEuT9hdPXMROBD91xc5uRDxsMtSB16k7hw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.43.0/go.mod h1:BOSR3VbTLkk6FDC/TcffxP4NF/FFBGA5ku+jvKOP7pg= cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= @@ -12,11 +14,15 @@ cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.3.0/go.mod h1:9IAwXhoyBJ7z9LcAwkj0/7NnPzYaPeZxxVp3zm+5IqA= +contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA= contrib.go.opencensus.io/exporter/ocagent v0.6.0/go.mod h1:zmKjrJcdo0aYcVS7bmEeSEBLPA9YJp5bjrofdU3pIXs= +contrib.go.opencensus.io/exporter/prometheus v0.1.0/go.mod h1:cGFniUXGZlKRjzOyuZJ6mgB+PgBcCIa79kEKR8YCW+A= +contrib.go.opencensus.io/exporter/stackdriver v0.12.7/go.mod h1:ZOhmSfHIoyVaQ+bKN+lR4h7K2olTIJsrdOwWHsNGw4w= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-pipeline-go v0.2.1/go.mod h1:UGSo8XybXnIGZ3epmeBw7Jdz+HiUVpqIlpz/HKHylF4= github.com/Azure/azure-pipeline-go v0.2.2/go.mod h1:4rQ/NZncSvGqNkkOsNpOU1tgoNuIlp9AfUH5G1tvCHc= github.com/Azure/azure-sdk-for-go v23.2.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= +github.com/Azure/azure-sdk-for-go v32.5.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go v36.1.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-storage-blob-go v0.8.0/go.mod h1:lPI3aLPpuLTeUwh1sViKXFxwl2B6teiRqI0deQUvsw0= github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8= @@ -24,6 +30,7 @@ github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX github.com/Azure/go-autorest v11.2.8+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.9.0/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= github.com/Azure/go-autorest/autorest v0.9.3-0.20191028180845-3492b2aff503/go.mod h1:xyHB1BMZT0cuDHU7I0+g046+BFDTQ8rEZB0s4Yfa6bI= +github.com/Azure/go-autorest/autorest/adal v0.1.0/go.mod h1:MeS4XhScH55IST095THyTxElntu7WqB7pNbZo8Q5G3E= github.com/Azure/go-autorest/autorest/adal v0.5.0/go.mod h1:8Z9fGy2MpX0PvDjB1pEgQTmVqjGhiHBW7RJJEciWzS0= github.com/Azure/go-autorest/autorest/adal v0.8.1-0.20191028180845-3492b2aff503/go.mod h1:Z6vX6WXXuyieHAXwMj0S6HY6e6wcHn37qQMBQlvY3lc= github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA= @@ -31,13 +38,17 @@ github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+v github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0= github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM= +github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA= github.com/Azure/go-autorest/autorest/to v0.3.1-0.20191028180845-3492b2aff503/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA= +github.com/Azure/go-autorest/autorest/validation v0.2.0/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI= github.com/Azure/go-autorest/autorest/validation v0.2.1-0.20191028180845-3492b2aff503/go.mod h1:3EEqHnBxQGHXRYq3HT1WyXAvT7LLY3tl70hw6tQIbjI= github.com/Azure/go-autorest/logger v0.1.0/go.mod h1:oExouG+K6PryycPJfVSxi/koC6LSNgds39diKLz7Vrc= +github.com/Azure/go-autorest/tracing v0.1.0/go.mod h1:ROEEAFwXycQw7Sn3DXNtEedEvdeRAgDr0izn4z5Ij88= github.com/Azure/go-autorest/tracing v0.5.0/go.mod h1:r/s2XiOKccPW3HrqB+W0TQzfbtp2fGCgRFtBroKn4Dk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= +github.com/Jeffail/gabs v1.1.1/go.mod h1:6xMvQMK4k33lb7GUUpaAPh6nKMmemQeg5d4gn7/bOXc= github.com/MakeNowJust/heredoc v0.0.0-20170808103936-bb23615498cd/go.mod h1:64YHyfSL2R96J44Nlwm39UHepQbyR5q10x7iYa1ks2E= github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= @@ -45,10 +56,11 @@ github.com/Masterminds/semver/v3 v3.0.1 h1:2kKm5lb7dKVrt5TYUiAavE6oFc1cFT0057UVG github.com/Masterminds/semver/v3 v3.0.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= github.com/Masterminds/sprig/v3 v3.0.0 h1:KSQz7Nb08/3VU9E4ns29dDxcczhOD1q7O1UfM4G3t3g= github.com/Masterminds/sprig/v3 v3.0.0/go.mod h1:NEUY/Qq8Gdm2xgYA+NwJM6wmfdRV9xkh8h/Rld20R0U= -github.com/Microsoft/go-winio v0.4.11 h1:zoIOcVf0xPN1tnMVbTtEdI+P8OofVk3NObnwOQ6nK2Q= -github.com/Microsoft/go-winio v0.4.11/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= +github.com/Microsoft/go-winio v0.4.12 h1:xAfWHN1IrQ0NJ9TBC0KBZoqLjzDTr1ML+4MywiUOryc= +github.com/Microsoft/go-winio v0.4.12/go.mod h1:VhR8bwka0BXejwEJY73c50VrPtXAaKcyvVC4A4RozmA= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= github.com/NYTimes/gziphandler v1.1.1/go.mod h1:n/CVRwUEOgIxrgPvAQhUUr9oeUtvrhMomdKFjzJNB0c= +github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/OneOfOne/xxhash v1.2.6/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= github.com/PuerkitoBio/purell v1.0.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= @@ -56,8 +68,11 @@ github.com/PuerkitoBio/purell v1.1.0/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbt github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= github.com/PuerkitoBio/urlesc v0.0.0-20160726150825-5bd2802263f2/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/SAP/go-hdb v0.14.1/go.mod h1:7fdQLVC2lER3urZLjZCm0AuMQfApof92n3aylBPEkMo= +github.com/SermoDigital/jose v0.9.1/go.mod h1:ARgCUhI1MHQH+ONky/PAtmVHQrP5JlGY0F3poXOp/fA= github.com/Shopify/sarama v1.19.0/go.mod h1:FVkBWblsNy7DGZRfXLU0O9RCGt5g3g3yEuWXgklEdEo= github.com/Shopify/toxiproxy v2.1.4+incompatible/go.mod h1:OXgGpZ6Cli1/URJOF1DMxUHB2q5Ap20/P/eIdh4G0pI= +github.com/Venafi/vcert v0.0.0-20190613103158-62139eb19b25/go.mod h1:3sXw16DKVded/kLVDma2veqEUQC7O37h98ims7cIvN4= github.com/agnivade/levenshtein v1.0.1/go.mod h1:CURSv5d9Uaml+FovSIICkLbAUZ9S4RqaHDIsdSBg7lM= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -76,6 +91,8 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/asaskevich/govalidator v0.0.0-20180720115003-f9ffefc3facf/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY= +github.com/aws/aws-sdk-go v1.22.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= +github.com/aws/aws-sdk-go v1.24.1/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.25.48/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/baiyubin/aliyun-sts-go-sdk v0.0.0-20180326062324-cfa1a18b161f/go.mod h1:AuiFmCCPBSrqvVMvuqFuk0qogytodnVFVSN5CeJB8Gc= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= @@ -83,13 +100,17 @@ github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+Ce github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= +github.com/bitly/go-hostpool v0.0.0-20171023180738-a3a6125de932/go.mod h1:NOuUCSz6Q9T7+igc/hlvDOUdtWKryOrtFyIVABv/p7k= github.com/blang/semver v3.5.0+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= +github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= github.com/bradfitz/gomemcache v0.0.0-20190913173617-a41fca850d0b/go.mod h1:H0wQNHz2YrLsuXOZozoeDmnHXkNCRmMW0gwFWDfEZDA= github.com/brancz/gojsontoyaml v0.0.0-20190425155809-e8bd32d46b3d/go.mod h1:IyUJYN1gvWjtLF5ZuygmxbnsAyP3aJS6cHzIuZY50B0= github.com/campoy/embedmd v1.0.0/go.mod h1:oxyr9RCiSXg0M3VJ3ks0UGfp98BpSSGr0kpiX3MzVl8= github.com/cenkalti/backoff v0.0.0-20181003080854-62661b46c409/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/cenkalti/backoff v2.1.1+incompatible/go.mod h1:90ReRw6GdpyfrHakVjL/QHaoyV4aDUVVkXQJJJ3NXXM= +github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v0.0.0-20181017004759-096ff4a8a059/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= @@ -101,16 +122,20 @@ github.com/chai2010/gettext-go v0.0.0-20160711120539-c6fed771bfd5/go.mod h1:/iP1 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloudflare/cloudflare-go v0.8.5/go.mod h1:8KhU6K+zHUEWOSU++mEQYf7D9UZOcQcibUoSm6vCUz4= github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8= github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI= github.com/containerd/containerd v1.3.0-beta.0.0.20190808172034-23faecfb66ab h1:lLoKpH/jolCo6LOWonSg8psTvcGAF7qklWRhcfvVsqc= github.com/containerd/containerd v1.3.0-beta.0.0.20190808172034-23faecfb66ab/go.mod h1:bC6axHOhabU15QhwfG7w5PipXdVtMXFTttgp+kVtyUA= +github.com/containerd/continuity v0.0.0-20181203112020-004b46473808/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y= github.com/coreos/bbolt v1.3.1-coreos.6/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/bbolt v1.3.3 h1:n6AiVyVRKQFNb6mJlwESEvvLoDyiTzXX7ORAUlkeBdY= github.com/coreos/bbolt v1.3.3/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk= github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/etcd v3.3.15+incompatible h1:+9RjdC18gMxNQVvSiXvObLu29mOFmkgdsB4cRTlV+EE= github.com/coreos/etcd v3.3.15+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= +github.com/coreos/etcd v3.3.17+incompatible h1:f/Z3EoDSx1yjaIjLQGo1diYUlQYSBrrAQ5vP8NjwXwo= +github.com/coreos/etcd v3.3.17+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE= github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk= github.com/coreos/go-oidc v2.1.0+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc= github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk= @@ -125,6 +150,7 @@ github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f h1:lBNOc5arjvs8E5mO2tbp github.com/coreos/pkg v0.0.0-20180928190104-399ea9e2e55f/go.mod h1:E3G3o1h8I7cfcXa63jLwjI0eiQQMgzzUDFVpN/nH/eA= github.com/coreos/prometheus-operator v0.36.0 h1:ayzkQoqfbnEne+ZMOZl30ZzSymY6KFpzA58QLz+4wlw= github.com/coreos/prometheus-operator v0.36.0/go.mod h1:b1ydz/Rg9TqDtHu2MDXKfiX/Hv0Bogy1iY82fRbhEFg= +github.com/cpu/goacmedns v0.0.0-20180701200144-565ecf2a84df/go.mod h1:sesf/pNnCYwUevQEQfEwY0Y3DydlQWSGZbaMElOWxok= github.com/cpuguy83/go-md2man v1.0.10/go.mod h1:SmD6nW6nTyfqj6ABTjUi3V3JVMnlJmwcJI5acqYI6dE= github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY= github.com/davecgh/go-spew v0.0.0-20151105211317-5215b55f46b2/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -132,21 +158,25 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/daviddengcn/go-colortext v0.0.0-20160507010035-511bcaf42ccd/go.mod h1:dv4zxwHi5C/8AeI+4gX4dCWOIvNi7I6JCSX0HvlKPgE= +github.com/deislabs/smi-sdk-go v0.2.0/go.mod h1:0k1wou4pOCBNFoyxOkTUoB9XDtB2RBvJ03S5aJREHCI= +github.com/denisenkom/go-mssqldb v0.0.0-20190412130859-3b1d194e553a/go.mod h1:zAg7JM8CkOJ43xKXIj7eRO9kmWm/TW578qo+oDO6tuM= github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM= github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ= github.com/dgryski/go-sip13 v0.0.0-20190329191031-25c5027a8c7b/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no= +github.com/digitalocean/godo v1.6.0/go.mod h1:h6faOIcZ8lWIwNQ+DN7b3CgX4Kwby5T+nbpNqkUIozU= github.com/docker/distribution v2.7.1+incompatible h1:a5mlkVzth6W5A4fOsS3D2EO5BUmsJpcB+cRlLU7cSug= github.com/docker/distribution v2.7.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= github.com/docker/docker v0.7.3-0.20190327010347-be7ac8be2ae0/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker v0.7.3-0.20190808172531-150530564a14 h1:ZkcBCvSGEg1Er3X6a7srm52Czihvc+J1+/CMv6MBA9c= github.com/docker/docker v0.7.3-0.20190808172531-150530564a14/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-connections v0.3.0 h1:3lOnM9cSzgGwx8VfK/NGOW5fLQ0GjIlCkaktF+n1M6o= -github.com/docker/go-connections v0.3.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= +github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docker/go-units v0.3.3/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/go-units v0.4.0 h1:3uh0PgVws3nIA0Q+MwDC8yjEPf9zjRfZZWXZYDct3Tw= github.com/docker/go-units v0.4.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= +github.com/duosecurity/duo_api_golang v0.0.0-20190308151101-6c680f768e74/go.mod h1:UqXY1lYT/ERa4OEAywUqdok1T4RCRdArkhic1Opuavo= github.com/dustin/go-humanize v0.0.0-20171111073723-bb3d318650d4/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5mFgVsvEsIPBvNs= @@ -170,6 +200,7 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZM github.com/facette/natsort v0.0.0-20181210072756-2cd4dd1e2dcb/go.mod h1:bH6Xx7IW64qjjJq8M2u4dxNaBiDfKK+z/3eGDpXEQhc= github.com/fatih/camelcase v1.0.0/go.mod h1:yN2Sb0lFhZJUdVvtELVWefmrXpuZESvPmqwoZc+/fpc= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= +github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/fatih/structtag v1.1.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94= github.com/fortytw2/leaktest v1.3.0/go.mod h1:jDsjWgpAGjm2CA7WthBh/CdZYEPF31XHquHwclZch5g= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= @@ -189,6 +220,8 @@ github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= +github.com/go-logr/zapr v0.1.0/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= +github.com/go-logr/zapr v0.1.1/go.mod h1:tabnROwaDl0UNxkVeFRbY8bwB37GwRv0P8lg6aAiEnk= github.com/go-openapi/analysis v0.0.0-20180825180245-b006789cd277/go.mod h1:k70tL6pCuVxPJOHXQ+wIac1FUrvNkHolPie/cLEU6hI= github.com/go-openapi/analysis v0.17.0/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= github.com/go-openapi/analysis v0.17.2/go.mod h1:IowGgpVeD0vNm45So8nr+IcQ3pxVtpRoBWb8PVZO0ik= @@ -244,19 +277,24 @@ github.com/go-openapi/validate v0.17.2/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+ github.com/go-openapi/validate v0.18.0/go.mod h1:Uh4HdOzKt19xGIGm1qHf/ofbX1YQ4Y+MYsct2VUrAJ4= github.com/go-openapi/validate v0.19.2/go.mod h1:1tRCw7m3jtI8eNWEEliiAqUIcBztB2KDnRCRMUi7GTA= github.com/go-openapi/validate v0.19.5/go.mod h1:8DJv2CVJQ6kGNpFW6eV9N3JviE1C85nY1c2z52x1Gk4= +github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= +github.com/gobuffalo/envy v1.6.5/go.mod h1:N+GkhhZ/93bGZc6ZKhJLP6+m+tCNPKwgSpH9kaifseQ= github.com/gobuffalo/flect v0.1.5/go.mod h1:W3K3X9ksuZfir8f/LrfVtWmCDQFfayuylOJ7sz/Fj80= +github.com/gocql/gocql v0.0.0-20190402132108-0e1d5de854df/go.mod h1:4Fw1eo5iaEhDUs8XyuhSVCVy52Jq3L+/3GJgYkwc+/0= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.0/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4= github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I= github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.2.2-0.20190730201129-28a6bbf47e48/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= +github.com/gogo/protobuf v1.3.0/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b h1:VKtxabqXZkF25pY9ekfRL6a582T4P37/31XEstQ5p58= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20180513044358-24b0969c4cb7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef h1:veQD95Isof8w9/WXiA+pa3tz3fJXkt5B7QaRBrM62gk= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -270,11 +308,13 @@ github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5y github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs= github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/snappy v0.0.0-20170215233205-553a64147049/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golangplus/bytes v0.0.0-20160111154220-45c989fe5450/go.mod h1:Bk6SMAONeMXrxql8uvOKuAZSu8aM5RUGv+1C6IJaEho= github.com/golangplus/fmt v0.0.0-20150411045040-2a5d6d7d2995/go.mod h1:lJgMEyOkYFkPcDKwRXegd+iM6E7matEszMG5HhwytU8= github.com/golangplus/testing v0.0.0-20180327235837-af21d9c3145e/go.mod h1:0AA//k/eakGydO4jKRoRL2j92ZKSzTgj9tclaCrvXHk= +github.com/google/addlicense v0.0.0-20190510175307-22550fa7c1b0/go.mod h1:QtPG26W17m+OIQgE6gQ24gC1M6pUaMBAbFrTIDtwG/E= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0 h1:0udJVsspx3VBr5FwtLhQQtuAsVc79tTq0ocGIPAU6qo= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= @@ -283,6 +323,7 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ= github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck= github.com/google/gofuzz v0.0.0-20161122191042-44d81051d367/go.mod h1:HP5RmnzzSNb993RKQDq4+1A4ia9nllfqcQFTQJedwGI= github.com/google/gofuzz v1.0.0 h1:A8PeW59pxE9IoFRqBp37U+mSNaQoZ46F1f0f863XSXw= @@ -318,7 +359,9 @@ github.com/gorilla/mux v1.7.3/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2z github.com/gorilla/websocket v0.0.0-20170926233335-4201258b820c/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= github.com/gorilla/websocket v1.4.0 h1:WDFjx/TMzVgy9VdMMQi2K2Emtwi2QcUQsztZ/zLaH/Q= github.com/gorilla/websocket v1.4.0/go.mod h1:E7qHFY5m1UJ88s3WnNqhKjPHQ0heANvMoAMk2YaljkQ= +github.com/gotestyourself/gotestyourself v2.2.0+incompatible/go.mod h1:zZKM6oeNM8k+FRljX1mnzVYeS8wiGgQyvST1/GafPbY= github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= +github.com/gregjones/httpcache v0.0.0-20190212212710-3befbb6ad0cc/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA= github.com/grpc-ecosystem/go-grpc-middleware v0.0.0-20190222133341-cfaf5686ec79/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4 h1:z53tR0945TRRQO/fLEVPI6SMv7ZflF0TEaTAoU7tOzg= github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= @@ -327,11 +370,13 @@ github.com/grpc-ecosystem/go-grpc-middleware v1.1.0/go.mod h1:f5nM7jw/oeRSadq3xC github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.3.0/go.mod h1:RSKVYQBd5MCa4OVpNdGskqpgL2+G+NZTnrVHpWWfpdw= +github.com/grpc-ecosystem/grpc-gateway v1.8.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.4/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.9.5 h1:UImYN5qQ8tuGpGE16ZmjvcTtTw24zw1QAp/SlnNrZhI= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.12.1 h1:zCy2xE9ablevUOrUZc3Dl72Dt+ya2FNAvC2yLYMHzi4= github.com/grpc-ecosystem/grpc-gateway v1.12.1/go.mod h1:8XEsbTttt/W+VvjtQhLACqCisSPWTxCZ7sBRjU6iH9c= +github.com/hailocab/go-hostpool v0.0.0-20160125115350-e80d13ce29ed/go.mod h1:tMWxXQ9wFIaZeTI9F+hmhFiGpFmhOHzyShyFUhRm0H4= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.3.0/go.mod h1:MmDNSzIMUjNpY/mQ398R4bk2FnqQLoPndWW5VkKPlCE= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= @@ -339,11 +384,15 @@ github.com/hashicorp/consul/sdk v0.3.0/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyN github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.0/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= +github.com/hashicorp/go-hclog v0.0.0-20180709165350-ff2cf002a8dd/go.mod h1:9bjs9uLqI8l75knNv3lV1kA55veR+WUPSiKIWcQHudI= +github.com/hashicorp/go-hclog v0.8.0/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= github.com/hashicorp/go-immutable-radix v1.1.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60= +github.com/hashicorp/go-memdb v1.0.0/go.mod h1:I6dKdmYhZqU0RJSheVEWgTNWdVQH5QvTgIUQ0t/t32M= github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-msgpack v0.5.5/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= +github.com/hashicorp/go-plugin v1.0.0/go.mod h1:++UyYGoz3o5w9ZzAdZxtQKrWWP+iqPBn3cQptSMzBuY= github.com/hashicorp/go-retryablehttp v0.5.3/go.mod h1:9B5zBasrRhHXnJnui7y6sL7es7NDiJgTc6Er0maI1Xs= github.com/hashicorp/go-rootcerts v1.0.0/go.mod h1:K6zTfqpRlCUIjkwsN4Z+hiSfzSTQa6eBIzfwKfwNnHU= github.com/hashicorp/go-rootcerts v1.0.1/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= @@ -359,6 +408,7 @@ github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.3 h1:YPkqC67at8FYaadspW/6uE0COsBxS2656RLEr8Bppgk= github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= +github.com/hashicorp/golang-math-big v0.0.0-20180316142257-561262b71329/go.mod h1:eBwVNKMPVQvPzsL2kU1sgH+Wf3xcmgFCvFSyGDEUSgc= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ= @@ -366,19 +416,26 @@ github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2p github.com/hashicorp/memberlist v0.1.5/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I= github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc= github.com/hashicorp/serf v0.8.5/go.mod h1:UpNcs7fFbpKIyZaUuSW6EPiH+eZC7OuyFD+wc1oal+k= +github.com/hashicorp/vault v0.9.6/go.mod h1:KfSyffbKxoVyspOdlaGVjIuwLobi07qD1bAbosPMpP0= +github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM= +github.com/howeyc/gopass v0.0.0-20170109162249-bf9dde6d0d2c/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs= github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/huandu/xstrings v1.2.0 h1:yPeWdRnmynF7p+lLYz0H2tthW9lqhMJrQV/U7yy4wX0= github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4= github.com/imdario/mergo v0.3.5/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= +github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.7 h1:Y+UAYTZ7gDEuOfhxKWy+dvb5dRQ6rJjFSdX2HZY1/gI= github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/influxdata/influxdb v1.7.7/go.mod h1:qZna6X/4elxqT3yI9iZYdZrWWdeFOOprn86kgg4+IzY= +github.com/jefferai/jsonx v1.0.0/go.mod h1:OGmqmi2tTeI/PS+qQfBDToLHHJIy/RMp24fPo8vFvoQ= github.com/jessevdk/go-flags v0.0.0-20180331124232-1c38ed7ad0cc/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= +github.com/jetstack/cert-manager v0.12.0/go.mod h1:jslhqEXKW8D9U/EYSX1Eb9Iy7yZ69O3wfhznNV7Gokg= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901/go.mod h1:Z86h9688Y0wesXCyonoVr47MasHilkuLMqGhRZ4Hpak= +github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= github.com/jonboulle/clockwork v0.1.0 h1:VKV+ZcuP6l3yW9doeqz6ziZGgcynBVQO+obU0+0hcPo= github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo= github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4= @@ -395,11 +452,14 @@ github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= +github.com/keybase/go-crypto v0.0.0-20190403132359-d65b6b94177f/go.mod h1:ghbZscTyKdM07+Fw3KSi0hcJm+AlEUWj8QLlPtijN/M= github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= +github.com/konsorten/go-windows-terminal-sequences v1.0.2 h1:DB17ag19krx9CFsz4o3enTrPXyIXCl+2iCXH/aMAp9s= +github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -407,9 +467,11 @@ github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/kubernetes-client/go v0.0.0-20190516163813-075b33afc74f/go.mod h1:ks4KCmmxdXksTSu2dlnUanEOqNd/dsoyS6/7bay2RQ8= github.com/kylelemons/godebug v0.0.0-20160406211939-eadb3ce320cb/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/leanovate/gopter v0.2.4/go.mod h1:gNcbPWNEWRe4lm+bycKqxUYoH5uoVje5SkOJ3uoLer8= +github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de/go.mod h1:zAbeS9B/r2mtpb6U+EI2rYA5OAXxsYw6wTamcNW+zcE= github.com/lightstep/lightstep-tracer-common/golang/gogo v0.0.0-20190605223551-bc2310a04743/go.mod h1:qklhhLq1aX+mtWk9cPHPzaBjWImj5ULL6C7HFJtXQMM= github.com/lightstep/lightstep-tracer-go v0.18.0/go.mod h1:jlF1pusYV4pidLvZ+XD0UBX0ZE6WURAspgAczcDHrL4= @@ -422,10 +484,12 @@ github.com/mailru/easyjson v0.0.0-20190312143242-1de009706dbe/go.mod h1:C1wdFJiN github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.0/go.mod h1:KAzv3t3aY1NaHWoQz1+4F1ccyAH66Jk7yos7ldAVICs= +github.com/markbates/inflect v1.0.4/go.mod h1:1fR9+pO2KHEO9ZRtto13gDwwZaAKstQzferVeWqbgNs= github.com/maruel/panicparse v0.0.0-20171209025017-c0182c169410/go.mod h1:nty42YY5QByNC5MM7q/nj938VbgPU7avs45z6NClpxI= github.com/maruel/ut v1.0.0/go.mod h1:I68ffiAt5qre9obEVTy7S2/fj2dJku2NYLvzPuY0gqE= github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd h1:HvFwW+cm9bCbZ/+vuGNq7CRWXql8c0y8nGeYpqmpvmk= github.com/matryer/moq v0.0.0-20190312154309-6cfb0558e1bd/go.mod h1:9ELz6aaclSIGnZBoaSLZ3NAl1VTufbOrXBPvtcy6WiQ= +github.com/mattbaird/jsonpatch v0.0.0-20171005235357-81af80346b1a/go.mod h1:M1qoD/MqPgTZIk0EWKB38wE28ACRfVcn+cU08jyArI0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.2 h1:/bC9yWikZXAL9uJdulbSfyVNIR3n3trXl+v8+1sx8mU= github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= @@ -445,6 +509,9 @@ github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0j github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/mcuadros/go-version v0.0.0-20180611085657-6d5863ca60fa h1:XvNrttGMJfVrUqblGju4IkjYXwx6l5OAAyjaIsydzsk= github.com/mcuadros/go-version v0.0.0-20180611085657-6d5863ca60fa/go.mod h1:76rfSfYPWj01Z85hUf/ituArm797mNKcvINh1OlsZKo= +github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= +github.com/mgutz/logxi v0.0.0-20161027140823-aebf8a7d67ab/go.mod h1:y1pL58r5z2VvAjeG1VLGc8zOQgSOzbKN7kMHPvFXJ+8= +github.com/miekg/dns v0.0.0-20170721150254-0f3adef2e220/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.15/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/dns v1.1.22/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKjuso= @@ -455,6 +522,7 @@ github.com/mitchellh/copystructure v1.0.0 h1:Laisrj+bAB6b/yJwB5Bt3ITZhGJdqmxquMK github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/go-homedir v1.0.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= +github.com/mitchellh/go-testing-interface v0.0.0-20171004221916-a61a99592b77/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/gox v0.4.0/go.mod h1:Sd9lOJ0+aimLBi73mGofS1ycjY8lL3uZM3JPS42BGNg= @@ -475,7 +543,9 @@ github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c h1:nXxl5PrvVm2L/wCy8d github.com/morikuni/aec v0.0.0-20170113033406-39771216ff4c/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mozillazg/go-cos v0.13.0/go.mod h1:Zp6DvvXn0RUOXGJ2chmWt2bLEqRAnJnS3DnAZsJsoaE= github.com/mozillazg/go-httpheader v0.2.1/go.mod h1:jJ8xECTlalr6ValeXYdOF8fFUISeBAdw6E61aqQma60= +github.com/munnerz/crd-schema-fuzz v0.0.0-20191114184610-fbd148d44a0a/go.mod h1:fVs1Mso4ZxhlygBEUDgOcyLtp5/DnLuCb8H5GI3CzS4= github.com/munnerz/goautoneg v0.0.0-20120707110453-a547fc61f48d/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/munnerz/goautoneg v0.0.0-20190414153302-2ae31c8b6b30/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U= @@ -505,14 +575,17 @@ github.com/opencontainers/go-digest v1.0.0-rc1 h1:WzifXhOVOEOuFYOJAW6aQqW0TooG2i github.com/opencontainers/go-digest v1.0.0-rc1/go.mod h1:cMLVZDEM3+U2I4VmLI6N8jQYUd2OVphdqWwCJHrFt2s= github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVojFA6h/TRcI= github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= +github.com/opencontainers/runc v0.1.1/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= github.com/openshift/prom-label-proxy v0.1.1-0.20191016113035-b8153a7f39f1/go.mod h1:p5MuxzsYP1JPsNGwtjtcgRHHlGziCJJfztff91nNixw= github.com/opentracing-contrib/go-stdlib v0.0.0-20190519235532-cf7a6c988dc9/go.mod h1:PLldrQSroqzH70Xl+1DQcGnefIbqsKR7UDaiux3zV+w= github.com/opentracing/basictracer-go v1.0.0/go.mod h1:QfBfYuafItcjQuMwinw9GhYKwFXS9KnPs5lxoYwgW74= github.com/opentracing/opentracing-go v1.0.2/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/openzipkin/zipkin-go v0.1.6/go.mod h1:QgAqvLzwWbR/WpD4A3cGpPtJrZXNIiJc5AZX7/PBEpw= +github.com/ory/dockertest v3.3.4+incompatible/go.mod h1:1vX4m9wsvi00u5bseYwXaSnhNrne+V0E6LAcBILJdPs= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= +github.com/patrickmn/go-cache v2.1.0+incompatible/go.mod h1:3Qf8kWWT7OJRJbdiICTKqZju1ZixQ/KpMGzzAfe6+WQ= github.com/pborman/uuid v1.2.0/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic= github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU= @@ -563,11 +636,12 @@ github.com/rancher/norman v0.0.0-20200211155126-fc45a55d4dfd h1:96iahn2n4qq7EuJ6 github.com/rancher/norman v0.0.0-20200211155126-fc45a55d4dfd/go.mod h1:b+483H276jRBXYosdWrNKFpxH+JYMs3UIdlV60dhdg0= github.com/rancher/pkg v0.0.0-20190514055449-b30ab9de040e h1:j6+HqCET/NLPBtew2m5apL7jWw/PStQ7iGwXjgAqdvo= github.com/rancher/pkg v0.0.0-20190514055449-b30ab9de040e/go.mod h1:XbYHTPaXuw8ZY9bylhYKQh/nJxDaTKk3YhAxPl4Qy/k= -github.com/rancher/types v0.0.0-20200226215232-12620b5bd7ff h1:BYethh0lQHdtXjhKKOYkQmSSyQfWi1Bu1lTsI4hMsjw= -github.com/rancher/types v0.0.0-20200226215232-12620b5bd7ff/go.mod h1:P+mDk2FHGO1xiLIh+HfSbOlbKMYXTPp7PgmFN2yMMCE= +github.com/rancher/types v0.0.0-20200303162837-300a04e6f743 h1:DwM6Wx7mJ95RjcdO9aAOGd4xjeCCeK0nKBKsnTGsFYA= +github.com/rancher/types v0.0.0-20200303162837-300a04e6f743/go.mod h1:k5LoTlUpefw0eAzFSJsZI0gf+C4WE41yrc1jm/MS1nM= github.com/rancher/wrangler v0.4.1/go.mod h1:1cR91WLhZgkZ+U4fV9nVuXqKurWbgXcIReU4wnQvTN8= -github.com/rancher/wrangler v0.4.2-0.20200214231136-099089b8a398 h1:1C/Fp1aSEL4Pl4hzlQsdaqzcCB9qMgalbVkvzzPIrPk= -github.com/rancher/wrangler v0.4.2-0.20200214231136-099089b8a398/go.mod h1:1cR91WLhZgkZ+U4fV9nVuXqKurWbgXcIReU4wnQvTN8= +github.com/rancher/wrangler v0.5.0 h1:zTchAfY9DzchLvXpRpQuNB0PbNfl/HSuvFL1wHN6mDU= +github.com/rancher/wrangler v0.5.0/go.mod h1:txHSBkPtVgNH/0pUCvdP0Ak0HptAOc9ffBmFxQnL4z4= +github.com/rancher/wrangler-api v0.5.0/go.mod h1:Ne7fjNRBDdUYPqltLUCW8eiaQwuKXIyAJH6wsuGK80w= github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4= github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M= github.com/rogpeppe/fastuuid v0.0.0-20150106093220-6724a57986af/go.mod h1:XWv6SoW27p1b0cqNHllgS5HIMJraePCO15w5zCzIWYg= @@ -577,6 +651,7 @@ github.com/rs/cors v1.6.0/go.mod h1:gFx+x8UowdsKA9AchylcLynDq+nNFfI8FkUZdN/jGCU= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= +github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/samuel/go-zookeeper v0.0.0-20190810000440-0ceca61e4d75/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/samuel/go-zookeeper v0.0.0-20190923202752-2cc03de413da/go.mod h1:gi+0XIa01GRL2eRQVjQkKGqKF3SF9vZR/HnPullcV2E= github.com/santhosh-tekuri/jsonschema v1.2.4/go.mod h1:TEAUOeZSmIxTTuHatJzrvARHiuO9LYd+cIxzgEHCQI4= @@ -584,6 +659,7 @@ github.com/satori/go.uuid v0.0.0-20160603004225-b111a074d5ef/go.mod h1:dA0hQrYB0 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= +github.com/sethgrid/pester v0.0.0-20190127155807-68a33a018ad0/go.mod h1:Ad7IjTpvzZO8Fl0vh9AzQ+j/jYZfyp2diGwI8m5q+ns= github.com/shurcooL/httpfs v0.0.0-20171119174359-809beceb2371/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg= github.com/shurcooL/httpfs v0.0.0-20190707220628-8d4bc4ba7749/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg= github.com/shurcooL/vfsgen v0.0.0-20180825020608-02ddb050ef6b/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw= @@ -624,6 +700,8 @@ github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXf github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/tektoncd/pipeline v0.9.1/go.mod h1:IZzJdiX9EqEMuUcgdnElozdYYRh0/ZRC+NKMLj1K3Yw= +github.com/tent/http-link-go v0.0.0-20130702225549-ac974c61c2f9/go.mod h1:RHkNRtSLfOK7qBTHaeSX1D6BNpI3qw7NTxsmNr4RvN8= github.com/thanos-io/thanos v0.10.1/go.mod h1:usT/TxtJQ7DzinTt+G9kinDQmRS5sxwu0unVKZ9vdcw= github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= @@ -668,6 +746,7 @@ go.uber.org/multierr v0.0.0-20180122172545-ddea229ff1df/go.mod h1:wR5kodmAFQ0UK8 go.uber.org/multierr v1.1.0 h1:HoEmRHQPVSqub6w2z2d2EOVs2fjyFRGyofhKuyDq0QI= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= go.uber.org/zap v0.0.0-20180814183419-67bc79d13d15/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= +go.uber.org/zap v1.9.1/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= go.uber.org/zap v1.10.0 h1:ORx85nbTijNz8ljznvCMR1ZBIPKFn3jQrag10X2AsuM= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= @@ -676,6 +755,8 @@ golang.org/x/crypto v0.0.0-20181203042331-505ab145d0a9/go.mod h1:6SG95UA2DQfeDnf golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190320223903-b7391e95e576/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190325154230-a5d413f7728c/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190424203555-c05e17bb3b2d/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190513172903-22d7a77e9e5f/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -742,6 +823,7 @@ golang.org/x/net v0.0.0-20191112182307-2180aed22343 h1:00ohfJ4K98s3m6BGUoBd8nyfp golang.org/x/net v0.0.0-20191112182307-2180aed22343/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -761,6 +843,7 @@ golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5h golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181205085412-a5c9d58dba9a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190129075346-302c3dd5f1cc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -769,6 +852,7 @@ golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190321052220-f7bb7a8bee54/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190425045458-9f0b1ff7b46a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190425145619-16072639606e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -777,6 +861,7 @@ golang.org/x/sys v0.0.0-20190616124812-15dcb6c0061f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190712062909-fae7ac547cb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190804053845-51ab0e2deafa/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190922100055-0a153f010e69/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -827,14 +912,17 @@ golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190918214516-5a1a30219888/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191017205301-920acffc3e65/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191111182352-50fa39b762bc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2 h1:EtTFh6h4SAKemS+CURDMTDIANuduG5zKEXShyy18bGA= golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +gomodules.xyz/jsonpatch/v2 v2.0.1/go.mod h1:IhYNNY4jnS53ZnfE4PAmpKtDpTCj1JFXc+3mwe7XcUU= gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0= gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= gonum.org/v1/netlib v0.0.0-20190331212654-76723241ea4e/go.mod h1:kS+toOQn6AQKjmKJ7gzohV1XkqsFehRA2FbsbkopSuQ= @@ -854,6 +942,7 @@ google.golang.org/appengine v1.6.5 h1:tycE03LOZYQNhDpS27tcQdAzLCVMaj7QT2SXxebnpC google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190404172233-64821d5d2107/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873 h1:nfPFGzJkUDX6uBmpN/pSw7MbOAWegH5QDQuoXFHedLg= @@ -867,8 +956,10 @@ google.golang.org/genproto v0.0.0-20190927181202-20e1ac93f88c/go.mod h1:IbNlFCBr google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9 h1:6XzpBoANz1NqMNfDXzc2QmHmbb1vyMsvRfoP5rM+K1I= google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/grpc v1.14.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.0/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -893,10 +984,13 @@ gopkg.in/fsnotify/fsnotify.v1 v1.4.7/go.mod h1:Fyux9zXlo4rWoMSIzpn9fDAYjalPqJ/K1 gopkg.in/inf.v0 v0.9.0/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= +gopkg.in/ini.v1 v1.38.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.51.0 h1:AQvPpx3LzTDM0AjnIRlVFwFFGC+npRopjZxLJj6gdno= gopkg.in/ini.v1 v1.51.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/mgo.v2 v2.0.0-20180705113604-9856a29383ce/go.mod h1:yeKp02qBN3iKW1OzL3MGk2IdtZzaj7SFntXj72NppTA= gopkg.in/natefinch/lumberjack.v2 v2.0.0/go.mod h1:l0ndWWf7gzL7RNwBG7wST/UCcT4T24xpD6X8LsfU/+k= +gopkg.in/ory-am/dockertest.v3 v3.3.4/go.mod h1:s9mmoLkaGeAh97qygnNj4xWkiN7e1SKekYC6CovU+ek= gopkg.in/resty.v1 v1.12.0/go.mod h1:mDo4pnntr5jdWRML875a/NmxYqAlA73dVijT2AXvQQo= gopkg.in/square/go-jose.v2 v2.2.2/go.mod h1:M9dMgbHiYLoDGQrXy7OpJDJWiKiU//h+vD76mk0e1AI= gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= @@ -919,46 +1013,66 @@ honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0= +k8s.io/api v0.0.0-20181213150558-05914d821849/go.mod h1:iuAfoD4hCxJ8Onx9kaTIt30j7jUFS00AXQi6QMi99vA= k8s.io/api v0.0.0-20190813020757-36bff7324fb7/go.mod h1:3Iy+myeAORNCLgjd/Xu9ebwN7Vh59Bw0vh9jhoX+V58= k8s.io/api v0.0.0-20190918155943-95b840bb6a1f/go.mod h1:uWuOHnjmNrtQomJrvEBg0c0HRNyQ+8KTEERVsK0PW48= +k8s.io/api v0.0.0-20191016110408-35e52d86657a/go.mod h1:/L5qH+AD540e7Cetbui1tuJeXdmNhO8jM6VkXeDdDhQ= +k8s.io/api v0.0.0-20191114100352-16d7abae0d2a/go.mod h1:qetVJgs5i8jwdFIdoOZ70ks0ecgU+dYwqZ2uD1srwOU= k8s.io/api v0.0.0-20191115095533-47f6de673b26/go.mod h1:iA/8arsvelvo4IDqIhX4IbjTEKBGgvsf2OraTuRtLFU= k8s.io/api v0.17.0/go.mod h1:npsyOePkeP0CPwyGfXDHxvypiYMJxBWAMpQxCaJ4ZxI= k8s.io/api v0.17.2 h1:NF1UFXcKN7/OOv1uxdRz3qfra8AHsPav5M93hlV9+Dc= k8s.io/api v0.17.2/go.mod h1:BS9fjjLc4CMuqfSO8vgbHPKMt5+SF0ET6u/RVDihTo4= k8s.io/apiextensions-apiserver v0.0.0-20190918161926-8f644eb6e783/go.mod h1:xvae1SZB3E17UpV59AWc271W/Ph25N+bjPyR63X6tPY= +k8s.io/apiextensions-apiserver v0.0.0-20191016113550-5357c4baaf65/go.mod h1:5BINdGqggRXXKnDgpwoJ7PyQH8f+Ypp02fvVNcIFy9s= +k8s.io/apiextensions-apiserver v0.0.0-20191114105449-027877536833/go.mod h1:Gb1G2W/kXMizbVTnA9oh2ybQ4cM3COr3r5JDj+DzKGw= k8s.io/apiextensions-apiserver v0.17.0/go.mod h1:XiIFUakZywkUl54fVXa7QTEHcqQz9HG55nHd1DCoHj8= k8s.io/apiextensions-apiserver v0.17.2/go.mod h1:4KdMpjkEjjDI2pPfBA15OscyNldHWdBCfsWMDWAmSTs= +k8s.io/apimachinery v0.0.0-20181127025237-2b1284ed4c93/go.mod h1:ccL7Eh7zubPUSh9A3USN90/OzHNSVN6zxzde07TDCL0= k8s.io/apimachinery v0.0.0-20190809020650-423f5d784010/go.mod h1:Waf/xTS2FGRrgXCkO5FP3XxTOWh0qLf2QhL1qFZZ/R8= k8s.io/apimachinery v0.0.0-20190913080033-27d36303b655/go.mod h1:nL6pwRT8NgfF8TT68DBI8uEePRt89cSvoXUVqbkWHq4= +k8s.io/apimachinery v0.0.0-20191004115801-a2eda9f80ab8/go.mod h1:llRdnznGEAqC3DcNm6yEj472xaFVfLM7hnYofMb12tQ= +k8s.io/apimachinery v0.0.0-20191028221656-72ed19daf4bb/go.mod h1:llRdnznGEAqC3DcNm6yEj472xaFVfLM7hnYofMb12tQ= k8s.io/apimachinery v0.0.0-20191115015347-3c7067801da2/go.mod h1:dXFS2zaQR8fyzuvRdJDHw2Aerij/yVGJSre0bZQSVJA= k8s.io/apimachinery v0.17.0/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= k8s.io/apimachinery v0.17.2 h1:hwDQQFbdRlpnnsR64Asdi55GyCaIP/3WQpMmbNBeWr4= k8s.io/apimachinery v0.17.2/go.mod h1:b9qmWdKlLuU9EBh+06BtLcSf/Mu89rWL33naRxs1uZg= k8s.io/apiserver v0.0.0-20190918160949-bfa5e2e684ad/go.mod h1:XPCXEwhjaFN29a8NldXA901ElnKeKLrLtREO9ZhFyhg= +k8s.io/apiserver v0.0.0-20191016112112-5190913f932d/go.mod h1:7OqfAolfWxUM/jJ/HBLyE+cdaWFBUoo5Q5pHgJVj2ws= +k8s.io/apiserver v0.0.0-20191114103151-9ca1dc586682/go.mod h1:Idob8Va6/sMX5SmwPLsU0pdvFlkwxuJ5x+fXMG8NbKE= k8s.io/apiserver v0.17.0/go.mod h1:ABM+9x/prjINN6iiffRVNCBR2Wk7uY4z+EtEGZD48cg= k8s.io/apiserver v0.17.2 h1:NssVvPALll6SSeNgo1Wk1h2myU1UHNwmhxV0Oxbcl8Y= k8s.io/apiserver v0.17.2/go.mod h1:lBmw/TtQdtxvrTk0e2cgtOxHizXI+d0mmGQURIHQZlo= k8s.io/cli-runtime v0.17.2/go.mod h1:aa8t9ziyQdbkuizkNLAw3qe3srSyWh9zlSB7zTqRNPI= k8s.io/client-go v0.17.2 h1:ndIfkfXEGrNhLIgkr0+qhRguSD3u6DCmonepn1O6NYc= k8s.io/client-go v0.17.2/go.mod h1:QAzRgsa0C2xl4/eVpeVAZMvikCn8Nm81yqVx3Kk9XYI= +k8s.io/code-generator v0.0.0-20181114232248-ae218e241252/go.mod h1:IPqxl/YHk05nodzupwjke6ctMjyNRdV2zZ5/j3/F204= k8s.io/code-generator v0.0.0-20190912054826-cd179ad6a269/go.mod h1:V5BD6M4CyaN5m+VthcclXWsVcT1Hu+glwa1bi3MIsyE= +k8s.io/code-generator v0.0.0-20191004115455-8e001e5d1894/go.mod h1:mJUgkl06XV4kstAnLHAIzJPVCOzVR+ZcfPIv4fUsFCY= k8s.io/code-generator v0.17.0/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= k8s.io/code-generator v0.17.2/go.mod h1:DVmfPQgxQENqDIzVR2ddLXMH34qeszkKSdH/N+s+38s= k8s.io/component-base v0.0.0-20190918160511-547f6c5d7090/go.mod h1:933PBGtQFJky3TEwYx4aEPZ4IxqhWh3R6DCmzqIn1hA= +k8s.io/component-base v0.0.0-20191016111319-039242c015a9/go.mod h1:SuWowIgd/dtU/m/iv8OD9eOxp3QZBBhTIiWMsBQvKjI= +k8s.io/component-base v0.0.0-20191114102325-35a9586014f7/go.mod h1:9rNMvrwbqPF4MxI+VQYETrWqMKxi8yAd8YZLdSJ9EDw= k8s.io/component-base v0.17.0/go.mod h1:rKuRAokNMY2nn2A6LP/MiwpoaMRHpfRnrPaUJJj1Yoc= k8s.io/component-base v0.17.2/go.mod h1:zMPW3g5aH7cHJpKYQ/ZsGMcgbsA/VyhEugF3QT1awLs= +k8s.io/gengo v0.0.0-20181106084056-51747d6e00da/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20190822140433-26a664648505/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20191120174120-e74f70b9b27e h1:HqlU9dKk5YVs7R84jmq6U3Wo/XslpkxHpBv2iWHLtLc= k8s.io/gengo v0.0.0-20191120174120-e74f70b9b27e/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.0.0-20190306015804-8e90cee79f82/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.3.1/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= +k8s.io/klog v0.3.2/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v0.4.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= +k8s.io/kube-aggregator v0.0.0-20191114103820-f023614fb9ea/go.mod h1:LlqyQuTxPHvUzmEgT71Cl/BB86o5+UcbN1LiGgSz94U= +k8s.io/kube-aggregator v0.17.0/go.mod h1:Vw104PtCEuT12WTVuhRFWCHXGiVqXsTzFtrvoaHxpk4= k8s.io/kube-aggregator v0.17.2 h1:3E94T8cVy3Zsh75wffsyuk04CiQ8gLzsjlaFwb1wHRA= k8s.io/kube-aggregator v0.17.2/go.mod h1:8xQTzaH0GrcKPiSB4YYWwWbeQ0j/4zRsbQt8usEMbRg= +k8s.io/kube-openapi v0.0.0-20190502190224-411b2483e503/go.mod h1:iU+ZGYsNlvU9XKUSso6SQfKTCCw7lFduMZy26Mgr2Fw= k8s.io/kube-openapi v0.0.0-20190709113604-33be087ad058/go.mod h1:nfDlWeOsu3pUf4yWGL+ERqohP4YsZcBJXWMK+gkzOA4= k8s.io/kube-openapi v0.0.0-20190816220812-743ec37842bf/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E= k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a h1:UcxjrRMyNx/i/y8G7kPvLyy7rfbeuf1PYyBf973pgyU= @@ -971,17 +1085,24 @@ k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCui k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= k8s.io/utils v0.0.0-20191114200735-6ca3b61696b6 h1:p0Ai3qVtkbCG/Af26dBmU0E1W58NID3hSSh7cMyylpM= k8s.io/utils v0.0.0-20191114200735-6ca3b61696b6/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= +knative.dev/pkg v0.0.0-20191024223035-2a3fc371d326/go.mod h1:pgODObA1dTyhNoFxPZTTjNWfx6F0aKsKzn+vaT9XO/Q= +launchpad.net/gocheck v0.0.0-20140225173054-000000000087/go.mod h1:hj7XX3B/0A+80Vse0e+BUHsHMTEhd0O4cpUHr/e/BUM= modernc.org/cc v1.0.0/go.mod h1:1Sk4//wdnYJiUIxnW8ddKpaOJCF37yAdqYnkxUpaYxw= modernc.org/golex v1.0.0/go.mod h1:b/QX9oBD/LhixY6NDh+IdGv17hgB+51fET1i2kPSmvk= modernc.org/mathutil v1.0.0/go.mod h1:wU0vUrJsVWBZ4P6e7xtFJEhFSNsfRLJ8H458uRjg03k= modernc.org/strutil v1.0.0/go.mod h1:lstksw84oURvj9y3tn8lGvRxyRC1S2+g5uuIzNfIOBs= modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +sigs.k8s.io/controller-runtime v0.3.1-0.20191022174215-ad57a976ffa1/go.mod h1:p2vzQ3RuSVv9YR4AcM0y8TKHQA+0oLXazKFt6Z0OdS8= +sigs.k8s.io/controller-tools v0.2.2/go.mod h1:8SNGuj163x/sMwydREj7ld5mIMJu1cDanIfnx6xsU70= sigs.k8s.io/controller-tools v0.2.4/go.mod h1:m/ztfQNocGYBgTTCmFdnK94uVvgxeZeE3LtJvd/jIzA= sigs.k8s.io/kustomize v2.0.3+incompatible/go.mod h1:MkjgH3RdOWrievjo6c9T245dYlB5QeXV4WCbnt/PEpU= +sigs.k8s.io/structured-merge-diff v0.0.0-20190426204423-ea680f03cc65/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= sigs.k8s.io/structured-merge-diff v0.0.0-20190817042607-6149e4549fca/go.mod h1:IIgPezJWb76P0hotTxzDbWsMYB8APh18qZnxkomBpxA= sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18= +sigs.k8s.io/testing_frameworks v0.1.1/go.mod h1:VVBKrHmJ6Ekkfz284YKhQePcdycOzNH9qL6ht1zEr/U= sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= +software.sslmate.com/src/go-pkcs12 v0.0.0-20180114231543-2291e8f0f237/go.mod h1:/xvNRWUqm0+/ZMiF4EX00vrSCMsE4/NHb+Pt3freEeQ= vbom.ml/util v0.0.0-20160121211510-db5cfe13f5cc/go.mod h1:so/NYdZXCz+E3ZpW0uAoCj6uzU2+8OWDFv/HxUSs7kI= diff --git a/vendor/github.com/coreos/etcd/version/version.go b/vendor/github.com/coreos/etcd/version/version.go index 607b1707..60a7bc7e 100644 --- a/vendor/github.com/coreos/etcd/version/version.go +++ b/vendor/github.com/coreos/etcd/version/version.go @@ -26,7 +26,7 @@ import ( var ( // MinClusterVersion is the min cluster version this etcd binary is compatible with. MinClusterVersion = "3.0.0" - Version = "3.3.15" + Version = "3.3.17" APIVersion = "unknown" // Git SHA Value will be set during build diff --git a/vendor/github.com/docker/go-connections/nat/nat.go b/vendor/github.com/docker/go-connections/nat/nat.go index 4d5f5ae6..bb7e4e33 100644 --- a/vendor/github.com/docker/go-connections/nat/nat.go +++ b/vendor/github.com/docker/go-connections/nat/nat.go @@ -113,7 +113,7 @@ func SplitProtoPort(rawPort string) (string, string) { } func validateProto(proto string) bool { - for _, availableProto := range []string{"tcp", "udp"} { + for _, availableProto := range []string{"tcp", "udp", "sctp"} { if availableProto == proto { return true } diff --git a/vendor/github.com/docker/go-connections/tlsconfig/certpool_other.go b/vendor/github.com/docker/go-connections/tlsconfig/certpool_other.go index 9ca97453..1ff81c33 100644 --- a/vendor/github.com/docker/go-connections/tlsconfig/certpool_other.go +++ b/vendor/github.com/docker/go-connections/tlsconfig/certpool_other.go @@ -4,7 +4,6 @@ package tlsconfig import ( "crypto/x509" - ) // SystemCertPool returns an new empty cert pool, diff --git a/vendor/github.com/docker/go-connections/tlsconfig/config.go b/vendor/github.com/docker/go-connections/tlsconfig/config.go index 1b31bbb8..0ef3fdcb 100644 --- a/vendor/github.com/docker/go-connections/tlsconfig/config.go +++ b/vendor/github.com/docker/go-connections/tlsconfig/config.go @@ -46,8 +46,6 @@ var acceptedCBCCiphers = []uint16{ tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - tls.TLS_RSA_WITH_AES_256_CBC_SHA, - tls.TLS_RSA_WITH_AES_128_CBC_SHA, } // DefaultServerAcceptedCiphers should be uses by code which already has a crypto/tls @@ -65,22 +63,34 @@ var allTLSVersions = map[uint16]struct{}{ } // ServerDefault returns a secure-enough TLS configuration for the server TLS configuration. -func ServerDefault() *tls.Config { - return &tls.Config{ - // Avoid fallback to SSL protocols < TLS1.0 - MinVersion: tls.VersionTLS10, +func ServerDefault(ops ...func(*tls.Config)) *tls.Config { + tlsconfig := &tls.Config{ + // Avoid fallback by default to SSL protocols < TLS1.2 + MinVersion: tls.VersionTLS12, PreferServerCipherSuites: true, CipherSuites: DefaultServerAcceptedCiphers, } + + for _, op := range ops { + op(tlsconfig) + } + + return tlsconfig } // ClientDefault returns a secure-enough TLS configuration for the client TLS configuration. -func ClientDefault() *tls.Config { - return &tls.Config{ +func ClientDefault(ops ...func(*tls.Config)) *tls.Config { + tlsconfig := &tls.Config{ // Prefer TLS1.2 as the client minimum MinVersion: tls.VersionTLS12, CipherSuites: clientCipherSuites, } + + for _, op := range ops { + op(tlsconfig) + } + + return tlsconfig } // certPool returns an X.509 certificate pool from `caFile`, the certificate file. diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md b/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md index 949b77e3..195333e5 100644 --- a/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md +++ b/vendor/github.com/konsorten/go-windows-terminal-sequences/README.md @@ -26,6 +26,7 @@ The tool is sponsored by the [marvin + konsorten GmbH](http://www.konsorten.de). We thank all the authors who provided code to this library: * Felix Kollmann +* Nicolas Perraut ## License diff --git a/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences_dummy.go b/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences_dummy.go new file mode 100644 index 00000000..df61a6f2 --- /dev/null +++ b/vendor/github.com/konsorten/go-windows-terminal-sequences/sequences_dummy.go @@ -0,0 +1,11 @@ +// +build linux darwin + +package sequences + +import ( + "fmt" +) + +func EnableVirtualTerminalProcessing(stream uintptr, enable bool) error { + return fmt.Errorf("windows only package") +} diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/alerting_types.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/alerting_types.go index 04e6d6b7..39d8ed46 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/alerting_types.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/alerting_types.go @@ -1,6 +1,8 @@ package v3 import ( + "strings" + "github.com/rancher/norman/types" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -19,6 +21,10 @@ type ClusterAlert struct { Status AlertStatus `json:"status"` } +func (c *ClusterAlert) ObjClusterName() string { + return c.Spec.ObjClusterName() +} + type ProjectAlert struct { types.Namespaced @@ -33,6 +39,10 @@ type ProjectAlert struct { Status AlertStatus `json:"status"` } +func (p *ProjectAlert) ObjClusterName() string { + return p.Spec.ObjClusterName() +} + type AlertCommonSpec struct { DisplayName string `json:"displayName,omitempty" norman:"required"` Description string `json:"description,omitempty"` @@ -51,6 +61,10 @@ type ClusterAlertSpec struct { TargetEvent *TargetEvent `json:"targetEvent,omitempty"` } +func (c *ClusterAlertSpec) ObjClusterName() string { + return c.ClusterName +} + type ProjectAlertSpec struct { AlertCommonSpec @@ -59,6 +73,13 @@ type ProjectAlertSpec struct { TargetPod *TargetPod `json:"targetPod,omitempty"` } +func (p *ProjectAlertSpec) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type Recipient struct { Recipient string `json:"recipient,omitempty"` NotifierName string `json:"notifierName,omitempty" norman:"required,type=reference[notifier]"` @@ -113,6 +134,10 @@ type ClusterAlertGroup struct { Status AlertStatus `json:"status"` } +func (c *ClusterAlertGroup) ObjClusterName() string { + return c.Spec.ObjClusterName() +} + type ProjectAlertGroup struct { types.Namespaced @@ -127,18 +152,33 @@ type ProjectAlertGroup struct { Status AlertStatus `json:"status"` } +func (p *ProjectAlertGroup) ObjClusterName() string { + return p.Spec.ObjClusterName() +} + type ClusterGroupSpec struct { ClusterName string `json:"clusterName" norman:"type=reference[cluster]"` Recipients []Recipient `json:"recipients,omitempty"` CommonGroupField } +func (c *ClusterGroupSpec) ObjClusterName() string { + return c.ClusterName +} + type ProjectGroupSpec struct { ProjectName string `json:"projectName" norman:"type=reference[project]"` Recipients []Recipient `json:"recipients,omitempty"` CommonGroupField } +func (p *ProjectGroupSpec) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type ClusterAlertRule struct { types.Namespaced @@ -153,6 +193,10 @@ type ClusterAlertRule struct { Status AlertStatus `json:"status"` } +func (c *ClusterAlertRule) ObjClusterName() string { + return c.Spec.ObjClusterName() +} + type ClusterAlertRuleSpec struct { CommonRuleField ClusterName string `json:"clusterName" norman:"type=reference[cluster]"` @@ -164,6 +208,10 @@ type ClusterAlertRuleSpec struct { ClusterScanRule *ClusterScanRule `json:"clusterScanRule,omitempty"` } +func (c *ClusterAlertRuleSpec) ObjClusterName() string { + return c.ClusterName +} + type ProjectAlertRule struct { types.Namespaced @@ -178,6 +226,10 @@ type ProjectAlertRule struct { Status AlertStatus `json:"status"` } +func (p *ProjectAlertRule) ObjClusterName() string { + return p.Spec.ObjClusterName() +} + type ProjectAlertRuleSpec struct { CommonRuleField ProjectName string `json:"projectName" norman:"type=reference[project]"` @@ -187,6 +239,13 @@ type ProjectAlertRuleSpec struct { MetricRule *MetricRule `json:"metricRule,omitempty"` } +func (p *ProjectAlertRuleSpec) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type CommonGroupField struct { DisplayName string `json:"displayName,omitempty" norman:"required"` Description string `json:"description,omitempty"` @@ -263,6 +322,10 @@ type Notifier struct { Status NotifierStatus `json:"status"` } +func (n *Notifier) ObjClusterName() string { + return n.Spec.ObjClusterName() +} + type NotifierSpec struct { ClusterName string `json:"clusterName" norman:"type=reference[cluster]"` @@ -276,6 +339,10 @@ type NotifierSpec struct { WechatConfig *WechatConfig `json:"wechatConfig,omitempty"` } +func (n *NotifierSpec) ObjClusterName() string { + return n.ClusterName +} + type Notification struct { Message string `json:"message,omitempty"` SMTPConfig *SMTPConfig `json:"smtpConfig,omitempty"` diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/authn_types.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/authn_types.go index 93b8936b..f9160e93 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/authn_types.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/authn_types.go @@ -29,6 +29,10 @@ type Token struct { Enabled *bool `json:"enabled,omitempty" norman:"default=true"` } +func (t *Token) ObjClusterName() string { + return t.ClusterName +} + // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/authz_types.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/authz_types.go index 1c7aeddd..aa2a915b 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/authz_types.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/authz_types.go @@ -1,6 +1,8 @@ package v3 import ( + "strings" + "github.com/rancher/norman/condition" "github.com/rancher/norman/types" v1 "k8s.io/api/core/v1" @@ -28,6 +30,10 @@ type Project struct { Status ProjectStatus `json:"status"` } +func (p *Project) ObjClusterName() string { + return p.Spec.ObjClusterName() +} + type ProjectStatus struct { Conditions []ProjectCondition `json:"conditions"` PodSecurityPolicyTemplateName string `json:"podSecurityPolicyTemplateId"` @@ -59,6 +65,10 @@ type ProjectSpec struct { EnableProjectMonitoring bool `json:"enableProjectMonitoring" norman:"default=false"` } +func (p *ProjectSpec) ObjClusterName() string { + return p.ClusterName +} + type GlobalRole struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -128,6 +138,13 @@ type ProjectRoleTemplateBinding struct { ServiceAccount string `json:"serviceAccount,omitempty" norman:"nocreate,noupdate"` } +func (p *ProjectRoleTemplateBinding) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type ClusterRoleTemplateBinding struct { types.Namespaced metav1.TypeMeta `json:",inline"` @@ -141,6 +158,10 @@ type ClusterRoleTemplateBinding struct { RoleTemplateName string `json:"roleTemplateName,omitempty" norman:"required,type=reference[roleTemplate]"` } +func (c *ClusterRoleTemplateBinding) ObjClusterName() string { + return c.ClusterName +} + type SetPodSecurityPolicyTemplateInput struct { PodSecurityPolicyTemplateName string `json:"podSecurityPolicyTemplateId" norman:"required,type=reference[podSecurityPolicyTemplate]"` } diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/catalog_types.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/catalog_types.go index 4085ed9f..7c2867da 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/catalog_types.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/catalog_types.go @@ -1,6 +1,8 @@ package v3 import ( + "strings" + "github.com/rancher/norman/condition" "github.com/rancher/norman/types" v1 "k8s.io/api/core/v1" @@ -230,6 +232,13 @@ type ProjectCatalog struct { ProjectName string `json:"projectName,omitempty" norman:"type=reference[project]"` } +func (p *ProjectCatalog) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type ClusterCatalog struct { types.Namespaced diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/cluster_types.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/cluster_types.go index 3e3dde6a..51b03b62 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/cluster_types.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/cluster_types.go @@ -3,6 +3,7 @@ package v3 import ( "bytes" "encoding/gob" + "strings" "github.com/rancher/norman/condition" "github.com/rancher/norman/types" @@ -212,10 +213,18 @@ type ClusterRegistrationToken struct { Status ClusterRegistrationTokenStatus `json:"status"` } +func (c *ClusterRegistrationToken) ObjClusterName() string { + return c.Spec.ObjClusterName() +} + type ClusterRegistrationTokenSpec struct { ClusterName string `json:"clusterName" norman:"required,type=reference[cluster]"` } +func (c *ClusterRegistrationTokenSpec) ObjClusterName() string { + return c.ClusterName +} + type ClusterRegistrationTokenStatus struct { InsecureCommand string `json:"insecureCommand"` Command string `json:"command"` @@ -240,6 +249,13 @@ type ImportClusterYamlInput struct { ProjectName string `json:"projectName,omitempty" norman:"type=reference[project]"` } +func (i *ImportClusterYamlInput) ObjClusterName() string { + if parts := strings.SplitN(i.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type ImportYamlOutput struct { Message string `json:"message,omitempty"` } diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/k3s_types.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/k3s_types.go index 4b7e21d8..c1094ce0 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/k3s_types.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/k3s_types.go @@ -1,12 +1,10 @@ package v3 -import "k8s.io/apimachinery/pkg/version" - //K3sConfig provides desired configuration for k3s clusters type K3sConfig struct { - // k3s Kubernetes version - Version *version.Info `yaml:"kubernetes_version" json:"kubernetesVersion,omitempty"` - K3sUpgradeStrategy + // k3s Kubernetes version, unset the value indicates an unmanaged cluster + Version string `yaml:"kubernetes_version" json:"kubernetesVersion,omitempty"` + K3sUpgradeStrategy `yaml:"k3s_upgrade_strategy,omitempty" json:"k3supgradeStrategy,omitempty"` } //K3sUpgradeStrategy provides configuration to the downstream system-upgrade-controller diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/logging_types.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/logging_types.go index 1f923bf9..d08ad53e 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/logging_types.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/logging_types.go @@ -1,6 +1,8 @@ package v3 import ( + "strings" + "github.com/rancher/norman/condition" "github.com/rancher/norman/types" v1 "k8s.io/api/core/v1" @@ -22,6 +24,10 @@ type ClusterLogging struct { Status ClusterLoggingStatus `json:"status"` } +func (c *ClusterLogging) ObjClusterName() string { + return c.Spec.ObjClusterName() +} + type ProjectLogging struct { types.Namespaced @@ -37,6 +43,10 @@ type ProjectLogging struct { Status ProjectLoggingStatus `json:"status"` } +func (p *ProjectLogging) ObjClusterName() string { + return p.Spec.ObjClusterName() +} + type LoggingCommonField struct { DisplayName string `json:"displayName,omitempty"` OutputFlushInterval int `json:"outputFlushInterval,omitempty" norman:"default=60"` @@ -60,12 +70,23 @@ type ClusterLoggingSpec struct { IncludeSystemComponent *bool `json:"includeSystemComponent,omitempty" norman:"default=true"` } +func (c *ClusterLoggingSpec) ObjClusterName() string { + return c.ClusterName +} + type ProjectLoggingSpec struct { LoggingTargets LoggingCommonField ProjectName string `json:"projectName" norman:"type=reference[project]"` } +func (p *ProjectLoggingSpec) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type ClusterLoggingStatus struct { Conditions []LoggingCondition `json:"conditions,omitempty"` AppliedSpec ClusterLoggingSpec `json:"appliedSpec,omitempty"` @@ -183,8 +204,19 @@ type ClusterTestInput struct { OutputTags map[string]string `json:"outputTags,omitempty"` } +func (c *ClusterTestInput) ObjClusterName() string { + return c.ClusterName +} + type ProjectTestInput struct { ProjectName string `json:"projectId" norman:"required,type=reference[project]"` LoggingTargets OutputTags map[string]string `json:"outputTags,omitempty"` } + +func (p *ProjectTestInput) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/machine_types.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/machine_types.go index aed61a59..d9ea52fd 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/machine_types.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/machine_types.go @@ -65,6 +65,10 @@ type Node struct { Status NodeStatus `json:"status"` } +func (in *Node) ObjClusterName() string { + return in.Namespace +} + type MetadataUpdate struct { Labels MapDelta `json:"labels,omitempty"` Annotations MapDelta `json:"annotations,omitempty"` @@ -152,6 +156,10 @@ type NodePool struct { Status NodePoolStatus `json:"status"` } +func (n *NodePool) ObjClusterName() string { + return n.Spec.ObjClusterName() +} + type NodePoolSpec struct { Etcd bool `json:"etcd"` ControlPlane bool `json:"controlPlane"` @@ -170,6 +178,10 @@ type NodePoolSpec struct { DeleteNotReadyAfterSecs time.Duration `json:"deleteNotReadyAfterSecs" norman:"default=0,max=31540000,min=0"` } +func (n *NodePoolSpec) ObjClusterName() string { + return n.ClusterName +} + type NodePoolStatus struct { Conditions []Condition `json:"conditions"` } diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/monitoring_types.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/monitoring_types.go index 05cc8aa9..858c4874 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/monitoring_types.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/monitoring_types.go @@ -1,6 +1,8 @@ package v3 import ( + "strings" + "github.com/rancher/norman/condition" "github.com/rancher/norman/types" v1 "k8s.io/api/core/v1" @@ -47,6 +49,10 @@ type ClusterMonitorGraph struct { Spec ClusterMonitorGraphSpec `json:"spec"` } +func (c *ClusterMonitorGraph) ObjClusterName() string { + return c.Spec.ObjClusterName() +} + type ProjectMonitorGraph struct { types.Namespaced @@ -58,6 +64,10 @@ type ProjectMonitorGraph struct { Spec ProjectMonitorGraphSpec `json:"spec"` } +func (p *ProjectMonitorGraph) ObjClusterName() string { + return p.Spec.ObjClusterName() +} + type ClusterMonitorGraphSpec struct { ClusterName string `json:"clusterName" norman:"type=reference[cluster]"` ResourceType string `json:"resourceType,omitempty" norman:"type=enum,options=node|cluster|etcd|apiserver|scheduler|controllermanager|fluentd|istiocluster|istioproject"` @@ -65,6 +75,10 @@ type ClusterMonitorGraphSpec struct { CommonMonitorGraphSpec } +func (c *ClusterMonitorGraphSpec) ObjClusterName() string { + return c.ClusterName +} + type ProjectMonitorGraphSpec struct { ProjectName string `json:"projectName" norman:"type=reference[project]"` ResourceType string `json:"resourceType,omitempty" norman:"type=enum,options=workload|pod|container"` @@ -72,6 +86,13 @@ type ProjectMonitorGraphSpec struct { CommonMonitorGraphSpec } +func (p *ProjectMonitorGraphSpec) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type CommonMonitorGraphSpec struct { Description string `json:"description,omitempty"` MetricsSelector map[string]string `json:"metricsSelector,omitempty"` @@ -136,11 +157,22 @@ type QueryClusterMetricInput struct { CommonQueryMetricInput } +func (q *QueryClusterMetricInput) ObjClusterName() string { + return q.ClusterName +} + type QueryProjectMetricInput struct { ProjectName string `json:"projectId" norman:"type=reference[project]"` CommonQueryMetricInput } +func (q *QueryProjectMetricInput) ObjClusterName() string { + if parts := strings.SplitN(q.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type CommonQueryMetricInput struct { From string `json:"from,omitempty"` To string `json:"to,omitempty"` @@ -167,6 +199,17 @@ type ClusterMetricNamesInput struct { ClusterName string `json:"clusterId" norman:"type=reference[cluster]"` } +func (c *ClusterMetricNamesInput) ObjClusterName() string { + return c.ClusterName +} + type ProjectMetricNamesInput struct { ProjectName string `json:"projectId" norman:"type=reference[project]"` } + +func (p *ProjectMetricNamesInput) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/multi_cluster_app.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/multi_cluster_app.go index a71c4c06..6e9dffe7 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/multi_cluster_app.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/multi_cluster_app.go @@ -1,6 +1,8 @@ package v3 import ( + "strings" + "github.com/rancher/norman/condition" "github.com/rancher/norman/types" v3 "github.com/rancher/types/apis/project.cattle.io/v3" @@ -50,12 +52,23 @@ type Target struct { Healthstate string `json:"healthState,omitempty"` } +func (t *Target) ObjClusterName() string { + if parts := strings.SplitN(t.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type Answer struct { ProjectName string `json:"projectName,omitempty" norman:"type=reference[project]"` ClusterName string `json:"clusterName,omitempty" norman:"type=reference[cluster]"` Values map[string]string `json:"values,omitempty" norman:"required"` } +func (a *Answer) ObjClusterName() string { + return a.ClusterName +} + type Member struct { UserName string `json:"userName,omitempty" norman:"type=reference[user]"` UserPrincipalName string `json:"userPrincipalName,omitempty" norman:"type=reference[principal]"` diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/network_policy_types.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/network_policy_types.go index 47f5c3d9..345b5076 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/network_policy_types.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/network_policy_types.go @@ -1,6 +1,8 @@ package v3 import ( + "strings" + "github.com/rancher/norman/types" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -10,6 +12,13 @@ type ProjectNetworkPolicySpec struct { Description string `json:"description"` } +func (p *ProjectNetworkPolicySpec) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type ProjectNetworkPolicyStatus struct { } diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/rke_types.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/rke_types.go index 79890502..98ae1457 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/rke_types.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/rke_types.go @@ -63,6 +63,10 @@ type RancherKubernetesEngineConfig struct { UpgradeStrategy *NodeUpgradeStrategy `yaml:"upgrade_strategy,omitempty" json:"upgradeStrategy,omitempty"` } +func (r *RancherKubernetesEngineConfig) ObjClusterName() string { + return r.ClusterName +} + type NodeUpgradeStrategy struct { // MaxUnavailableWorker input can be a number of nodes or a percentage of nodes (example, max_unavailable_worker: 2 OR max_unavailable_worker: 20%) MaxUnavailableWorker string `yaml:"max_unavailable_worker" json:"maxUnavailableWorker,omitempty" norman:"min=1,default=10%"` @@ -848,7 +852,12 @@ type DNSConfig struct { } type Nodelocal struct { - IPAddress string `yaml:"ipaddress" json:"ipAddress,omitempy"` + // link-local IP for nodelocal DNS + IPAddress string `yaml:"ip_address" json:"ipAddress,omitempy"` + // Nodelocal DNS daemonset upgrade strategy + UpdateStrategy *appsv1.DaemonSetUpdateStrategy `yaml:"update_strategy" json:"updateStrategy,omitempty"` + // NodeSelector key pair + NodeSelector map[string]string `yaml:"node_selector" json:"nodeSelector,omitempty"` } // LinearAutoscalerParams contains fields expected by the cluster-proportional-autoscaler https://github.com/kubernetes-incubator/cluster-proportional-autoscaler/blob/0c61e63fc81449abdd52315aa27179a17e5d1580/pkg/autoscaler/controller/linearcontroller/linear_controller.go#L50 diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/tools_system_images.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/tools_system_images.go index 7ea6d9e9..045b7397 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/tools_system_images.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/tools_system_images.go @@ -13,11 +13,11 @@ var ( AuthSystemImages AuthSystemImages }{ PipelineSystemImages: projectv3.PipelineSystemImages{ - Jenkins: m("rancher/pipeline-jenkins-server:v0.1.5"), - JenkinsJnlp: m("jenkins/jnlp-slave:3.40-1"), + Jenkins: m("rancher/pipeline-jenkins-server:v0.1.4"), + JenkinsJnlp: m("jenkins/jnlp-slave:3.35-4"), AlpineGit: m("rancher/pipeline-tools:v0.1.14"), PluginsDocker: m("plugins/docker:18.09"), - Minio: m("minio/minio:RELEASE.2020-02-07T23-28-16Z"), + Minio: m("minio/minio:RELEASE.2019-09-25T18-25-51Z"), Registry: m("registry:2"), RegistryProxy: m("rancher/pipeline-tools:v0.1.14"), KubeApply: m("rancher/pipeline-tools:v0.1.14"), diff --git a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/zz_generated_deepcopy.go b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/zz_generated_deepcopy.go index bd408e49..aff00512 100644 --- a/vendor/github.com/rancher/types/apis/management.cattle.io/v3/zz_generated_deepcopy.go +++ b/vendor/github.com/rancher/types/apis/management.cattle.io/v3/zz_generated_deepcopy.go @@ -2227,7 +2227,7 @@ func (in *ClusterSpec) DeepCopyInto(out *ClusterSpec) { if in.K3sConfig != nil { in, out := &in.K3sConfig, &out.K3sConfig *out = new(K3sConfig) - (*in).DeepCopyInto(*out) + **out = **in } if in.ImportedConfig != nil { in, out := &in.ImportedConfig, &out.ImportedConfig @@ -2962,7 +2962,7 @@ func (in *DNSConfig) DeepCopyInto(out *DNSConfig) { if in.Nodelocal != nil { in, out := &in.Nodelocal, &out.Nodelocal *out = new(Nodelocal) - **out = **in + (*in).DeepCopyInto(*out) } if in.UpdateStrategy != nil { in, out := &in.UpdateStrategy, &out.UpdateStrategy @@ -4524,11 +4524,6 @@ func (in *IngressConfig) DeepCopy() *IngressConfig { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *K3sConfig) DeepCopyInto(out *K3sConfig) { *out = *in - if in.Version != nil { - in, out := &in.Version, &out.Version - *out = new(version.Info) - **out = **in - } out.K3sUpgradeStrategy = in.K3sUpgradeStrategy return } @@ -6468,6 +6463,18 @@ func (in *NodeUpgradeStrategy) DeepCopy() *NodeUpgradeStrategy { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Nodelocal) DeepCopyInto(out *Nodelocal) { *out = *in + if in.UpdateStrategy != nil { + in, out := &in.UpdateStrategy, &out.UpdateStrategy + *out = new(appsv1.DaemonSetUpdateStrategy) + (*in).DeepCopyInto(*out) + } + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } return } diff --git a/vendor/github.com/rancher/types/apis/project.cattle.io/v3/app_types.go b/vendor/github.com/rancher/types/apis/project.cattle.io/v3/app_types.go index d560c0d7..805c6a56 100644 --- a/vendor/github.com/rancher/types/apis/project.cattle.io/v3/app_types.go +++ b/vendor/github.com/rancher/types/apis/project.cattle.io/v3/app_types.go @@ -1,6 +1,8 @@ package v3 import ( + "strings" + "github.com/rancher/norman/condition" "github.com/rancher/norman/types" v1 "k8s.io/api/core/v1" @@ -16,6 +18,10 @@ type App struct { Status AppStatus `json:"status,omitempty"` } +func (a *App) ObjClusterName() string { + return a.Spec.ObjClusterName() +} + type AppSpec struct { ProjectName string `json:"projectName,omitempty" norman:"type=reference[/v3/schemas/project]"` Description string `json:"description,omitempty"` @@ -31,6 +37,13 @@ type AppSpec struct { ValuesYaml string `json:"valuesYaml,omitempty"` } +func (a *AppSpec) ObjClusterName() string { + if parts := strings.SplitN(a.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + var ( AppConditionInstalled condition.Cond = "Installed" AppConditionMigrated condition.Cond = "Migrated" @@ -76,6 +89,13 @@ type AppRevisionSpec struct { ProjectName string `json:"projectName,omitempty" norman:"type=reference[/v3/schemas/project]"` } +func (a *AppRevisionSpec) ObjClusterName() string { + if parts := strings.SplitN(a.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type AppRevisionStatus struct { ProjectName string `json:"projectName,omitempty" norman:"type=reference[/v3/schemas/project]"` ExternalID string `json:"externalId"` @@ -85,6 +105,13 @@ type AppRevisionStatus struct { Files map[string]string `json:"files,omitempty"` } +func (a *AppRevisionStatus) ObjClusterName() string { + if parts := strings.SplitN(a.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type AppUpgradeConfig struct { ExternalID string `json:"externalId,omitempty"` Answers map[string]string `json:"answers,omitempty"` diff --git a/vendor/github.com/rancher/types/apis/project.cattle.io/v3/pipeline_types.go b/vendor/github.com/rancher/types/apis/project.cattle.io/v3/pipeline_types.go index e4cab7a2..e330dfce 100644 --- a/vendor/github.com/rancher/types/apis/project.cattle.io/v3/pipeline_types.go +++ b/vendor/github.com/rancher/types/apis/project.cattle.io/v3/pipeline_types.go @@ -1,6 +1,8 @@ package v3 import ( + "strings" + "github.com/pkg/errors" "github.com/rancher/norman/condition" "github.com/rancher/norman/types" @@ -26,6 +28,13 @@ type SourceCodeProvider struct { Type string `json:"type" norman:"options=github|gitlab|bitbucketcloud|bitbucketserver"` } +func (s *SourceCodeProvider) ObjClusterName() string { + if parts := strings.SplitN(s.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type OauthProvider struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -61,6 +70,13 @@ type SourceCodeProviderConfig struct { Enabled bool `json:"enabled,omitempty"` } +func (s *SourceCodeProviderConfig) ObjClusterName() string { + if parts := strings.SplitN(s.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type GithubPipelineConfig struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -118,6 +134,10 @@ type Pipeline struct { Status PipelineStatus `json:"status"` } +func (p *Pipeline) ObjClusterName() string { + return p.Spec.ObjClusterName() +} + type PipelineExecution struct { types.Namespaced @@ -128,6 +148,10 @@ type PipelineExecution struct { Status PipelineExecutionStatus `json:"status"` } +func (p *PipelineExecution) ObjClusterName() string { + return p.Spec.ObjClusterName() +} + type PipelineSetting struct { types.Namespaced @@ -140,6 +164,13 @@ type PipelineSetting struct { Customized bool `json:"customized" norman:"nocreate,noupdate"` } +func (p *PipelineSetting) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type SourceCodeCredential struct { types.Namespaced @@ -150,6 +181,10 @@ type SourceCodeCredential struct { Status SourceCodeCredentialStatus `json:"status"` } +func (s *SourceCodeCredential) ObjClusterName() string { + return s.Spec.ObjClusterName() +} + type SourceCodeRepository struct { types.Namespaced @@ -160,6 +195,10 @@ type SourceCodeRepository struct { Status SourceCodeRepositoryStatus `json:"status"` } +func (s *SourceCodeRepository) ObjClusterName() string { + return s.Spec.ObjClusterName() +} + type PipelineStatus struct { PipelineState string `json:"pipelineState,omitempty" norman:"required,options=active|inactive,default=active"` NextRun int `json:"nextRun" yaml:"nextRun,omitempty" norman:"default=1,min=1"` @@ -184,6 +223,13 @@ type PipelineSpec struct { SourceCodeCredentialName string `json:"sourceCodeCredentialName,omitempty" yaml:"sourceCodeCredentialName,omitempty" norman:"type=reference[sourceCodeCredential],noupdate"` } +func (p *PipelineSpec) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type PipelineConfig struct { Stages []Stage `json:"stages,omitempty" yaml:"stages,omitempty"` @@ -314,6 +360,13 @@ type PipelineExecutionSpec struct { Email string `json:"email,omitempty"` } +func (p *PipelineExecutionSpec) ObjClusterName() string { + if parts := strings.SplitN(p.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type PipelineExecutionStatus struct { Conditions []PipelineCondition `json:"conditions,omitempty"` @@ -351,6 +404,13 @@ type SourceCodeCredentialSpec struct { Expiry string `json:"expiry,omitempty"` } +func (s *SourceCodeCredentialSpec) ObjClusterName() string { + if parts := strings.SplitN(s.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type SourceCodeCredentialStatus struct { Logout bool `json:"logout,omitempty"` } @@ -366,6 +426,13 @@ type SourceCodeRepositorySpec struct { DefaultBranch string `json:"defaultBranch,omitempty"` } +func (s *SourceCodeRepositorySpec) ObjClusterName() string { + if parts := strings.SplitN(s.ProjectName, ":", 2); len(parts) == 2 { + return parts[0] + } + return "" +} + type SourceCodeRepositoryStatus struct { } diff --git a/vendor/github.com/rancher/types/kdm/kdm.go b/vendor/github.com/rancher/types/kdm/kdm.go index 643020b5..fdaec731 100644 --- a/vendor/github.com/rancher/types/kdm/kdm.go +++ b/vendor/github.com/rancher/types/kdm/kdm.go @@ -15,6 +15,7 @@ const ( KubeDNS = "kubeDNS" MetricsServer = "metricsServer" NginxIngress = "nginxIngress" + Nodelocal = "nodelocal" TemplateKeys = "templateKeys" ) diff --git a/vendor/modules.txt b/vendor/modules.txt index f9ce43eb..0d61d7f0 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -4,7 +4,7 @@ github.com/Masterminds/goutils github.com/Masterminds/semver/v3 # github.com/Masterminds/sprig/v3 v3.0.0 github.com/Masterminds/sprig/v3 -# github.com/Microsoft/go-winio v0.4.11 +# github.com/Microsoft/go-winio v0.4.12 github.com/Microsoft/go-winio # github.com/beorn7/perks v1.0.1 github.com/beorn7/perks/quantile @@ -14,7 +14,7 @@ github.com/blang/semver github.com/cespare/xxhash/v2 # github.com/containerd/containerd v1.3.0-beta.0.0.20190808172034-23faecfb66ab github.com/containerd/containerd/errdefs -# github.com/coreos/etcd v3.3.15+incompatible +# github.com/coreos/etcd v3.3.17+incompatible github.com/coreos/etcd/client github.com/coreos/etcd/pkg/pathutil github.com/coreos/etcd/pkg/srv @@ -48,7 +48,7 @@ github.com/docker/docker/api/types/volume github.com/docker/docker/client github.com/docker/docker/errdefs github.com/docker/docker/pkg/stdcopy -# github.com/docker/go-connections v0.3.0 +# github.com/docker/go-connections v0.4.0 github.com/docker/go-connections/nat github.com/docker/go-connections/sockets github.com/docker/go-connections/tlsconfig @@ -93,7 +93,7 @@ github.com/huandu/xstrings github.com/imdario/mergo # github.com/json-iterator/go v1.1.9 github.com/json-iterator/go -# github.com/konsorten/go-windows-terminal-sequences v1.0.1 +# github.com/konsorten/go-windows-terminal-sequences v1.0.2 github.com/konsorten/go-windows-terminal-sequences # github.com/mattn/go-colorable v0.1.2 github.com/mattn/go-colorable @@ -148,13 +148,13 @@ github.com/rancher/norman/types/convert github.com/rancher/norman/types/definition github.com/rancher/norman/types/slice github.com/rancher/norman/types/values -# github.com/rancher/types v0.0.0-20200226215232-12620b5bd7ff +# github.com/rancher/types v0.0.0-20200303162837-300a04e6f743 github.com/rancher/types/apis/management.cattle.io/v3 github.com/rancher/types/apis/project.cattle.io/v3 github.com/rancher/types/condition github.com/rancher/types/image github.com/rancher/types/kdm -# github.com/rancher/wrangler v0.4.2-0.20200214231136-099089b8a398 +# github.com/rancher/wrangler v0.5.0 github.com/rancher/wrangler/pkg/name github.com/rancher/wrangler/pkg/ratelimit # github.com/sirupsen/logrus v1.4.2