From cef3da99e449a233dfea10327e44c22c2f37946e Mon Sep 17 00:00:00 2001 From: Waleed Malik Date: Wed, 29 Jun 2022 21:38:08 +0500 Subject: [PATCH] Fix scheme for controller manager & refactor way to get API server token for bootstrap script (#180) * Fix scheme for controller manager & refactor way to get API server token for bootstrap script * Fix tests and update testdata Signed-off-by: Waleed Malik --- cmd/osm-controller/main.go | 2 + deploy/cloud-init-settings.yaml | 9 + ...manager.k8c.io_operatingsystemconfigs.yaml | 2 + ...anager.k8c.io_operatingsystemprofiles.yaml | 2 + deploy/role.yaml | 1 + pkg/bootstrap/cloud_init_settings.go | 25 +- pkg/controllers/osc/osc_reconciler_test.go | 290 ++++---- .../testdata/osc-flatcar-aws-containerd.yaml | 666 +++++++++++++++++ .../osc/testdata/osc-flatcar-aws-docker.yaml | 636 ++++++++++++++++ .../osc-kubelet-configuration-containerd.yaml | 662 +++++++++++++++++ .../osc-kubelet-configuration-docker.yaml | 645 +++++++++++++++++ .../osc-rhel-8.x-azure-containerd.yaml | 677 ++++++++++++++++++ .../osc-rhel-8.x-cloud-init-modules.yaml | 662 +++++++++++++++++ .../osc/testdata/osc-ubuntu-aws-docker.yaml | 649 +++++++++++++++++ ...cret-flatcar-aws-containerd-bootstrap.yaml | 13 + ...t-flatcar-aws-containerd-provisioning.yaml | 13 + .../secret-flatcar-aws-docker-bootstrap.yaml | 13 + ...ecret-flatcar-aws-docker-provisioning.yaml | 13 + ...et-configuration-containerd-bootstrap.yaml | 13 + ...configuration-containerd-provisioning.yaml | 13 + ...ubelet-configuration-docker-bootstrap.yaml | 13 + ...let-configuration-docker-provisioning.yaml | 13 + ...rhel-8.x-cloud-init-modules-bootstrap.yaml | 13 + ...l-8.x-cloud-init-modules-provisioning.yaml | 13 + ...t-rhel-8.x-azure-containerd-bootstrap.yaml | 13 + ...hel-8.x-azure-containerd-provisioning.yaml | 13 + .../secret-ubuntu-aws-docker-bootstrap.yaml | 13 + ...secret-ubuntu-aws-docker-provisioning.yaml | 13 + .../v1alpha1/operatingsystemconfig_types.go | 1 + .../v1alpha1/operatingsystemprofile_types.go | 1 + 30 files changed, 4951 insertions(+), 161 deletions(-) diff --git a/cmd/osm-controller/main.go b/cmd/osm-controller/main.go index b5f762da..2b4b7dae 100644 --- a/cmd/osm-controller/main.go +++ b/cmd/osm-controller/main.go @@ -213,6 +213,7 @@ func main() { } workerMgr, err = manager.New(workerClusterConfig, manager.Options{ + Scheme: scheme, LeaderElection: opt.enableLeaderElection, LeaderElectionID: "operating-system-manager-worker-manager", // We use hard-coded namespace kube-system here since manager uses worker cluster config @@ -285,6 +286,7 @@ func main() { func createManager(opt *options) (manager.Manager, error) { // Manager options options := manager.Options{ + Scheme: scheme, LeaderElection: opt.enableLeaderElection, LeaderElectionID: "operating-system-manager", LeaderElectionNamespace: opt.namespace, diff --git a/deploy/cloud-init-settings.yaml b/deploy/cloud-init-settings.yaml index 2c754010..5a5a134c 100644 --- a/deploy/cloud-init-settings.yaml +++ b/deploy/cloud-init-settings.yaml @@ -26,6 +26,15 @@ metadata: name: cloud-init-getter namespace: cloud-init-settings --- +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: cloud-init-getter-token + namespace: cloud-init-settings + annotations: + kubernetes.io/service-account.name: "cloud-init-getter" +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/deploy/crd/operatingsystemmanager.k8c.io_operatingsystemconfigs.yaml b/deploy/crd/operatingsystemmanager.k8c.io_operatingsystemconfigs.yaml index 801b7d43..7de1a4f3 100644 --- a/deploy/crd/operatingsystemmanager.k8c.io_operatingsystemconfigs.yaml +++ b/deploy/crd/operatingsystemmanager.k8c.io_operatingsystemconfigs.yaml @@ -12,6 +12,8 @@ spec: kind: OperatingSystemConfig listKind: OperatingSystemConfigList plural: operatingsystemconfigs + shortNames: + - osc singular: operatingsystemconfig scope: Namespaced versions: diff --git a/deploy/crd/operatingsystemmanager.k8c.io_operatingsystemprofiles.yaml b/deploy/crd/operatingsystemmanager.k8c.io_operatingsystemprofiles.yaml index 905dca54..1197bb7e 100644 --- a/deploy/crd/operatingsystemmanager.k8c.io_operatingsystemprofiles.yaml +++ b/deploy/crd/operatingsystemmanager.k8c.io_operatingsystemprofiles.yaml @@ -12,6 +12,8 @@ spec: kind: OperatingSystemProfile listKind: OperatingSystemProfileList plural: operatingsystemprofiles + shortNames: + - osp singular: operatingsystemprofile scope: Namespaced versions: diff --git a/deploy/role.yaml b/deploy/role.yaml index b3f47c19..cef84a5d 100644 --- a/deploy/role.yaml +++ b/deploy/role.yaml @@ -54,6 +54,7 @@ rules: - "" resources: - configmaps + - secrets verbs: - get - create diff --git a/pkg/bootstrap/cloud_init_settings.go b/pkg/bootstrap/cloud_init_settings.go index 940e9b03..7f3d4a4d 100644 --- a/pkg/bootstrap/cloud_init_settings.go +++ b/pkg/bootstrap/cloud_init_settings.go @@ -20,33 +20,26 @@ import ( "context" "errors" "fmt" - "strings" corev1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/types" ctrlruntimeclient "sigs.k8s.io/controller-runtime/pkg/client" ) const ( - CloudInitNamespace = "cloud-init-settings" - jwtTokenNamePrefix = "cloud-init-getter-token" + CloudInitNamespace = "cloud-init-settings" + cloudInitGetterSecret = "cloud-init-getter-token" ) func ExtractAPIServerToken(ctx context.Context, client ctrlruntimeclient.Client) (string, error) { - secretList := corev1.SecretList{} - if err := client.List(ctx, &secretList, &ctrlruntimeclient.ListOptions{Namespace: CloudInitNamespace}); err != nil { - return "", fmt.Errorf("failed to list secrets in namespace %s: %w", CloudInitNamespace, err) + secret := &corev1.Secret{} + if err := client.Get(ctx, types.NamespacedName{Name: cloudInitGetterSecret, Namespace: CloudInitNamespace}, secret); err != nil { + return "", fmt.Errorf("failed to get %s secrets in namespace %s: %w", cloudInitGetterSecret, CloudInitNamespace, err) } - for _, secret := range secretList.Items { - if strings.HasPrefix(secret.Name, jwtTokenNamePrefix) { - if secret.Data != nil { - jwtToken := secret.Data["token"] - if jwtToken != nil { - token := string(jwtToken) - return token, nil - } - } - } + token := secret.Data["token"] + if token != nil { + return string(token), nil } return "", errors.New("failed to fetch api server token") diff --git a/pkg/controllers/osc/osc_reconciler_test.go b/pkg/controllers/osc/osc_reconciler_test.go index 87ae29c2..a7290c7a 100644 --- a/pkg/controllers/osc/osc_reconciler_test.go +++ b/pkg/controllers/osc/osc_reconciler_test.go @@ -150,148 +150,148 @@ func TestReconciler_Reconcile(t *testing.T) { cloudProvider: "aws", cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, }, - // { - // name: "Ubuntu OS in AWS with Docker", - // ospFile: defaultOSPPathPrefix + "osp-ubuntu.yaml", - // ospName: "osp-ubuntu", - // operatingSystem: providerconfigtypes.OperatingSystemUbuntu, - // oscFile: "osc-ubuntu-aws-docker.yaml", - // mdName: "ubuntu-aws", - // kubeletVersion: defaultKubeletVersion, - // provisioningSecretFile: "secret-ubuntu-aws-docker-provisioning.yaml", - // bootstrapSecretFile: "secret-ubuntu-aws-docker-bootstrap.yaml", - // config: testConfig{ - // namespace: "kube-system", - // containerRuntime: "docker", - // clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, - // }, - // cloudProvider: "aws", - // cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, - // }, - // { - // name: "Flatcar OS in AWS with Containerd", - // ospFile: defaultOSPPathPrefix + "osp-flatcar.yaml", - // ospName: "osp-flatcar", - // operatingSystem: providerconfigtypes.OperatingSystemFlatcar, - // oscFile: "osc-flatcar-aws-containerd.yaml", - // mdName: "flatcar-aws-containerd", - // kubeletVersion: defaultKubeletVersion, - // provisioningSecretFile: "secret-flatcar-aws-containerd-provisioning.yaml", - // bootstrapSecretFile: "secret-flatcar-aws-containerd-bootstrap.yaml", - // config: testConfig{ - // namespace: "kube-system", - // containerRuntime: "containerd", - // clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, - // }, - // cloudProvider: "aws", - // cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, - // }, - // { - // name: "Flatcar OS in AWS with docker", - // ospFile: defaultOSPPathPrefix + "osp-flatcar.yaml", - // ospName: "osp-flatcar", - // operatingSystem: providerconfigtypes.OperatingSystemFlatcar, - // oscFile: "osc-flatcar-aws-docker.yaml", - // mdName: "flatcar-aws-docker", - // kubeletVersion: defaultKubeletVersion, - // provisioningSecretFile: "secret-flatcar-aws-docker-provisioning.yaml", - // bootstrapSecretFile: "secret-flatcar-aws-docker-bootstrap.yaml", - // config: testConfig{ - // namespace: "kube-system", - // containerRuntime: "docker", - // clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, - // }, - // cloudProvider: "aws", - // cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, - // }, - // { - // name: "RHEL OS in AWS with Containerd", - // ospFile: "osp-rhel-aws-cloud-init-modules.yaml", - // ospName: "osp-rhel-cloud-init-modules", - // operatingSystem: providerconfigtypes.OperatingSystemRHEL, - // oscFile: "osc-rhel-8.x-cloud-init-modules.yaml", - // provisioningSecretFile: "secret-osc-rhel-8.x-cloud-init-modules-provisioning.yaml", - // bootstrapSecretFile: "secret-osc-rhel-8.x-cloud-init-modules-bootstrap.yaml", - // mdName: "osp-rhel-aws", - // kubeletVersion: defaultKubeletVersion, - // config: testConfig{ - // namespace: "kube-system", - // containerRuntime: "containerd", - // clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, - // }, - // cloudProvider: "aws", - // cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, - // }, - // { - // name: "RHEL OS on Azure with Containerd", - // ospFile: defaultOSPPathPrefix + "osp-rhel.yaml", - // ospName: "osp-rhel", - // operatingSystem: providerconfigtypes.OperatingSystemRHEL, - // oscFile: "osc-rhel-8.x-azure-containerd.yaml", - // mdName: "osp-rhel-azure", - // kubeletVersion: defaultKubeletVersion, - // provisioningSecretFile: "secret-rhel-8.x-azure-containerd-provisioning.yaml", - // bootstrapSecretFile: "secret-rhel-8.x-azure-containerd-bootstrap.yaml", - // config: testConfig{ - // namespace: "kube-system", - // containerRuntime: "containerd", - // clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, - // }, - // cloudProvider: "azure", - // cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"securityGroupName": "fake-sg"}`)}, - // }, - // { - // name: "Kubelet configuration with docker", - // ospFile: defaultOSPPathPrefix + "osp-ubuntu.yaml", - // ospName: "osp-ubuntu", - // operatingSystem: providerconfigtypes.OperatingSystemUbuntu, - // oscFile: "osc-kubelet-configuration-docker.yaml", - // mdName: "kubelet-configuration", - // kubeletVersion: defaultKubeletVersion, - // provisioningSecretFile: "secret-kubelet-configuration-docker-provisioning.yaml", - // bootstrapSecretFile: "secret-kubelet-configuration-docker-bootstrap.yaml", - // config: testConfig{ - // namespace: "kube-system", - // containerRuntime: "docker", - // clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, - // }, - // cloudProvider: "aws", - // cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, - // additionalAnnotations: map[string]string{ - // "v1.kubelet-config.machine-controller.kubermatic.io/ContainerLogMaxSize": "300Mi", - // "v1.kubelet-config.machine-controller.kubermatic.io/ContainerLogMaxFiles": "30", - // "v1.kubelet-config.machine-controller.kubermatic.io/MaxPods": "110", - // "v1.kubelet-config.machine-controller.kubermatic.io/SystemReserved": "ephemeral-storage=30Gi,cpu=30m", - // "v1.kubelet-config.machine-controller.kubermatic.io/KubeReserved": "ephemeral-storage=30Gi,cpu=30m", - // "v1.kubelet-config.machine-controller.kubermatic.io/EvictionHard": "memory.available<30Mi", - // }, - // }, - // { - // name: "Kubelet configuration with containerd", - // ospFile: defaultOSPPathPrefix + "osp-ubuntu.yaml", - // ospName: "osp-ubuntu", - // operatingSystem: providerconfigtypes.OperatingSystemUbuntu, - // oscFile: "osc-kubelet-configuration-containerd.yaml", - // mdName: "kubelet-configuration", - // kubeletVersion: defaultKubeletVersion, - // provisioningSecretFile: "secret-kubelet-configuration-containerd-provisioning.yaml", - // bootstrapSecretFile: "secret-kubelet-configuration-containerd-bootstrap.yaml", - // config: testConfig{ - // namespace: "kube-system", - // containerRuntime: "containerd", - // clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, - // }, - // cloudProvider: "aws", - // cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, - // additionalAnnotations: map[string]string{ - // "v1.kubelet-config.machine-controller.kubermatic.io/ContainerLogMaxSize": "300Mi", - // "v1.kubelet-config.machine-controller.kubermatic.io/ContainerLogMaxFiles": "30", - // "v1.kubelet-config.machine-controller.kubermatic.io/MaxPods": "110", - // "v1.kubelet-config.machine-controller.kubermatic.io/SystemReserved": "ephemeral-storage=30Gi,cpu=30m", - // "v1.kubelet-config.machine-controller.kubermatic.io/KubeReserved": "ephemeral-storage=30Gi,cpu=30m", - // "v1.kubelet-config.machine-controller.kubermatic.io/EvictionHard": "memory.available<30Mi", - // }, - // }, + { + name: "Ubuntu OS in AWS with Docker", + ospFile: defaultOSPPathPrefix + "osp-ubuntu.yaml", + ospName: "osp-ubuntu", + operatingSystem: providerconfigtypes.OperatingSystemUbuntu, + oscFile: "osc-ubuntu-aws-docker.yaml", + mdName: "ubuntu-aws", + kubeletVersion: defaultKubeletVersion, + provisioningSecretFile: "secret-ubuntu-aws-docker-provisioning.yaml", + bootstrapSecretFile: "secret-ubuntu-aws-docker-bootstrap.yaml", + config: testConfig{ + namespace: "kube-system", + containerRuntime: "docker", + clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, + }, + cloudProvider: "aws", + cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, + }, + { + name: "Flatcar OS in AWS with Containerd", + ospFile: defaultOSPPathPrefix + "osp-flatcar.yaml", + ospName: "osp-flatcar", + operatingSystem: providerconfigtypes.OperatingSystemFlatcar, + oscFile: "osc-flatcar-aws-containerd.yaml", + mdName: "flatcar-aws-containerd", + kubeletVersion: defaultKubeletVersion, + provisioningSecretFile: "secret-flatcar-aws-containerd-provisioning.yaml", + bootstrapSecretFile: "secret-flatcar-aws-containerd-bootstrap.yaml", + config: testConfig{ + namespace: "kube-system", + containerRuntime: "containerd", + clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, + }, + cloudProvider: "aws", + cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, + }, + { + name: "Flatcar OS in AWS with docker", + ospFile: defaultOSPPathPrefix + "osp-flatcar.yaml", + ospName: "osp-flatcar", + operatingSystem: providerconfigtypes.OperatingSystemFlatcar, + oscFile: "osc-flatcar-aws-docker.yaml", + mdName: "flatcar-aws-docker", + kubeletVersion: defaultKubeletVersion, + provisioningSecretFile: "secret-flatcar-aws-docker-provisioning.yaml", + bootstrapSecretFile: "secret-flatcar-aws-docker-bootstrap.yaml", + config: testConfig{ + namespace: "kube-system", + containerRuntime: "docker", + clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, + }, + cloudProvider: "aws", + cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, + }, + { + name: "RHEL OS in AWS with Containerd", + ospFile: "osp-rhel-aws-cloud-init-modules.yaml", + ospName: "osp-rhel-cloud-init-modules", + operatingSystem: providerconfigtypes.OperatingSystemRHEL, + oscFile: "osc-rhel-8.x-cloud-init-modules.yaml", + provisioningSecretFile: "secret-osc-rhel-8.x-cloud-init-modules-provisioning.yaml", + bootstrapSecretFile: "secret-osc-rhel-8.x-cloud-init-modules-bootstrap.yaml", + mdName: "osp-rhel-aws", + kubeletVersion: defaultKubeletVersion, + config: testConfig{ + namespace: "kube-system", + containerRuntime: "containerd", + clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, + }, + cloudProvider: "aws", + cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, + }, + { + name: "RHEL OS on Azure with Containerd", + ospFile: defaultOSPPathPrefix + "osp-rhel.yaml", + ospName: "osp-rhel", + operatingSystem: providerconfigtypes.OperatingSystemRHEL, + oscFile: "osc-rhel-8.x-azure-containerd.yaml", + mdName: "osp-rhel-azure", + kubeletVersion: defaultKubeletVersion, + provisioningSecretFile: "secret-rhel-8.x-azure-containerd-provisioning.yaml", + bootstrapSecretFile: "secret-rhel-8.x-azure-containerd-bootstrap.yaml", + config: testConfig{ + namespace: "kube-system", + containerRuntime: "containerd", + clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, + }, + cloudProvider: "azure", + cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"securityGroupName": "fake-sg"}`)}, + }, + { + name: "Kubelet configuration with docker", + ospFile: defaultOSPPathPrefix + "osp-ubuntu.yaml", + ospName: "osp-ubuntu", + operatingSystem: providerconfigtypes.OperatingSystemUbuntu, + oscFile: "osc-kubelet-configuration-docker.yaml", + mdName: "kubelet-configuration", + kubeletVersion: defaultKubeletVersion, + provisioningSecretFile: "secret-kubelet-configuration-docker-provisioning.yaml", + bootstrapSecretFile: "secret-kubelet-configuration-docker-bootstrap.yaml", + config: testConfig{ + namespace: "kube-system", + containerRuntime: "docker", + clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, + }, + cloudProvider: "aws", + cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, + additionalAnnotations: map[string]string{ + "v1.kubelet-config.machine-controller.kubermatic.io/ContainerLogMaxSize": "300Mi", + "v1.kubelet-config.machine-controller.kubermatic.io/ContainerLogMaxFiles": "30", + "v1.kubelet-config.machine-controller.kubermatic.io/MaxPods": "110", + "v1.kubelet-config.machine-controller.kubermatic.io/SystemReserved": "ephemeral-storage=30Gi,cpu=30m", + "v1.kubelet-config.machine-controller.kubermatic.io/KubeReserved": "ephemeral-storage=30Gi,cpu=30m", + "v1.kubelet-config.machine-controller.kubermatic.io/EvictionHard": "memory.available<30Mi", + }, + }, + { + name: "Kubelet configuration with containerd", + ospFile: defaultOSPPathPrefix + "osp-ubuntu.yaml", + ospName: "osp-ubuntu", + operatingSystem: providerconfigtypes.OperatingSystemUbuntu, + oscFile: "osc-kubelet-configuration-containerd.yaml", + mdName: "kubelet-configuration", + kubeletVersion: defaultKubeletVersion, + provisioningSecretFile: "secret-kubelet-configuration-containerd-provisioning.yaml", + bootstrapSecretFile: "secret-kubelet-configuration-containerd-bootstrap.yaml", + config: testConfig{ + namespace: "kube-system", + containerRuntime: "containerd", + clusterDNSIPs: []net.IP{net.IPv4(10, 0, 0, 0)}, + }, + cloudProvider: "aws", + cloudProviderSpec: runtime.RawExtension{Raw: []byte(`{"availabilityZone": "eu-central-1b", "vpcId": "e-123f", "subnetID": "test-subnet"}`)}, + additionalAnnotations: map[string]string{ + "v1.kubelet-config.machine-controller.kubermatic.io/ContainerLogMaxSize": "300Mi", + "v1.kubelet-config.machine-controller.kubermatic.io/ContainerLogMaxFiles": "30", + "v1.kubelet-config.machine-controller.kubermatic.io/MaxPods": "110", + "v1.kubelet-config.machine-controller.kubermatic.io/SystemReserved": "ephemeral-storage=30Gi,cpu=30m", + "v1.kubelet-config.machine-controller.kubermatic.io/KubeReserved": "ephemeral-storage=30Gi,cpu=30m", + "v1.kubelet-config.machine-controller.kubermatic.io/EvictionHard": "memory.available<30Mi", + }, + }, } for _, testCase := range testCases { @@ -311,7 +311,7 @@ func TestReconciler_Reconcile(t *testing.T) { }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ - Name: "cloud-init-getter-token-xyz", + Name: "cloud-init-getter-token", Namespace: "cloud-init-settings", }, Data: map[string][]byte{ @@ -478,7 +478,7 @@ func TestOSCAndSecretRotation(t *testing.T) { }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ - Name: "cloud-init-getter-token-xyz", + Name: "cloud-init-getter-token", Namespace: "cloud-init-settings", }, Data: map[string][]byte{ @@ -675,7 +675,7 @@ func TestMachineDeploymentDeletion(t *testing.T) { }, &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ - Name: "cloud-init-getter-token-xyz", + Name: "cloud-init-getter-token", Namespace: "cloud-init-settings", }, Data: map[string][]byte{ diff --git a/pkg/controllers/osc/testdata/osc-flatcar-aws-containerd.yaml b/pkg/controllers/osc/testdata/osc-flatcar-aws-containerd.yaml index e69de29b..c4415ce3 100644 --- a/pkg/controllers/osc/testdata/osc-flatcar-aws-containerd.yaml +++ b/pkg/controllers/osc/testdata/osc-flatcar-aws-containerd.yaml @@ -0,0 +1,666 @@ +apiVersion: operatingsystemmanager.k8c.io/v1alpha1 +kind: OperatingSystemConfig +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: flatcar-aws-containerd-kube-system-config + namespace: kube-system + resourceVersion: "1" +spec: + bootstrapConfig: + files: + - content: + inline: + data: "#!/bin/bash\nset -xeuo pipefail\napt update && apt install -y curl + jq\ncurl -s -k -v --header 'Authorization: Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/flatcar-aws-containerd-kube-system-provisioning-config + | jq '.data[\"cloud-config\"]' -r| base64 -d > /usr/share/oem/config.ign\ntouch + /boot/flatcar/first_boot\nsystemctl disable bootstrap.service\nrm /etc/systemd/system/bootstrap.service\nrm + /etc/machine-id\nreboot\n" + encoding: b64 + path: /opt/bin/bootstrap + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + [Service] + Type=oneshot + RemainAfterExit=true + ExecStart=/opt/bin/bootstrap + encoding: b64 + path: /etc/systemd/system/bootstrap.service + permissions: 644 + modules: + runcmd: + - systemctl restart bootstrap.service + - systemctl daemon-reload + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c + cloudProvider: + name: aws + spec: + availabilityZone: eu-central-1b + subnetID: test-subnet + vpcId: e-123f + osName: flatcar + osVersion: 2983.2.0 + provisioningConfig: + files: + - content: + inline: + data: | + #!/usr/bin/env bash + + # Copyright 2016 The Kubernetes Authors. + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + # This script is for master and node instance health monitoring, which is + # packed in kube-manifest tarball. It is executed through a systemd service + # in cluster/gce/gci/.yaml. The env variables come from an env + # file provided by the systemd service. + + # This script is a slightly adjusted version of + # https://github.com/kubernetes/kubernetes/blob/e1a1aa211224fcd9b213420b80b2ae680669683d/cluster/gce/gci/health-monitor.sh + # Adjustments are: + # * Kubelet health port is 10248 not 10255 + # * Removal of all all references to the KUBE_ENV file + + set -o nounset + set -o pipefail + + # We simply kill the process when there is a failure. Another systemd service will + # automatically restart the process. + function container_runtime_monitoring() { + local -r max_attempts=5 + local attempt=1 + local -r container_runtime_name="${CONTAINER_RUNTIME_NAME:-docker}" + # We still need to use 'docker ps' when container runtime is "docker". This is because + # dockershim is still part of kubelet today. When kubelet is down, crictl pods + # will also fail, and docker will be killed. This is undesirable especially when + # docker live restore is disabled. + local healthcheck_command="docker ps" + if [[ "${CONTAINER_RUNTIME:-docker}" != "docker" ]]; then + healthcheck_command="crictl pods" + fi + # Container runtime startup takes time. Make initial attempts before starting + # killing the container runtime. + until timeout 60 ${healthcheck_command} > /dev/null; do + if ((attempt == max_attempts)); then + echo "Max attempt ${max_attempts} reached! Proceeding to monitor container runtime healthiness." + break + fi + echo "$attempt initial attempt \"${healthcheck_command}\"! Trying again in $attempt seconds..." + sleep "$((2 ** attempt++))" + done + while true; do + if ! timeout 60 ${healthcheck_command} > /dev/null; then + echo "Container runtime ${container_runtime_name} failed!" + if [[ "$container_runtime_name" == "docker" ]]; then + # Dump stack of docker daemon for investigation. + # Log file name looks like goroutine-stacks-TIMESTAMP and will be saved to + # the exec root directory, which is /var/run/docker/ on Ubuntu and COS. + pkill -SIGUSR1 dockerd + fi + systemctl kill --kill-who=main "${container_runtime_name}" + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 120 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + function kubelet_monitoring() { + echo "Wait for 2 minutes for kubelet to be functional" + sleep 120 + local -r max_seconds=10 + local output="" + while true; do + local failed=false + + if journalctl -u kubelet -n 1 | grep -q "use of closed network connection"; then + failed=true + echo "Kubelet stopped posting node status. Restarting" + elif ! output=$(curl -m "${max_seconds}" -f -s -S http://127.0.0.1:10248/healthz 2>&1); then + failed=true + # Print the response and/or errors. + echo "$output" + fi + + if [[ "$failed" == "true" ]]; then + echo "Kubelet is unhealthy!" + systemctl kill kubelet + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 60 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + ############## Main Function ################ + if [[ "$#" -ne 1 ]]; then + echo "Usage: health-monitor.sh " + exit 1 + fi + + SLEEP_SECONDS=10 + component=$1 + echo "Start kubernetes health monitoring for ${component}" + if [[ "${component}" == "container-runtime" ]]; then + container_runtime_monitoring + elif [[ "${component}" == "kubelet" ]]; then + kubelet_monitoring + else + echo "Health monitoring for component ${component} is not supported!" + fi + path: /opt/bin/health-monitor.sh + permissions: 755 + - content: + inline: + data: |2+ + + path: /etc/systemd/system/systemd-networkd.service.d/10-static-network.conf + permissions: 644 + - content: + inline: + data: | + [Journal] + SystemMaxUse=5G + path: /etc/systemd/journald.conf.d/max_disk_use.conf + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + set -euo pipefail + + modprobe ip_vs + modprobe ip_vs_rr + modprobe ip_vs_wrr + modprobe ip_vs_sh + + if modinfo nf_conntrack_ipv4 &> /dev/null; then + modprobe nf_conntrack_ipv4 + else + modprobe nf_conntrack + fi + path: /opt/load-kernel-modules.sh + permissions: 755 + - content: + inline: + data: | + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 + kernel.panic_on_oops = 1 + kernel.panic = 10 + net.ipv4.ip_forward = 1 + vm.overcommit_memory = 1 + fs.inotify.max_user_watches = 1048576 + fs.inotify.max_user_instances = 8192 + path: /etc/sysctl.d/k8s.conf + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + echodate() { + echo "[$(date -Is)]" "$@" + } + + # get the default interface IP address + DEFAULT_IFC_IP=$(ip -o route get 1 | grep -oP "src \K\S+") + + if [ -z "${DEFAULT_IFC_IP}" ] + then + echodate "Failed to get IP address for the default route interface" + exit 1 + fi + + # get the full hostname + FULL_HOSTNAME=$(hostname -f) + # if /etc/hostname is not empty then use the hostname from there + if [ -s /etc/hostname ]; then + FULL_HOSTNAME=$(cat /etc/hostname) + fi + + # write the nodeip_env file + # we need the line below because flatcar has the same string "coreos" in that file + if grep -q coreos /etc/os-release + then + echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf + elif [ ! -d /etc/systemd/system/kubelet.service.d ] + then + echodate "Can't find kubelet service extras directory" + exit 1 + else + echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf + fi + path: /opt/bin/setup_net_env.sh + permissions: 755 + - content: + inline: + data: | + #!/usr/bin/env bash + set -xeuo pipefail + + opt_bin=/opt/bin + usr_local_bin=/usr/local/bin + cni_bin_dir=/opt/cni/bin + mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir" + mkdir -p /etc/kubernetes/dynamic-config-dir + arch=${HOST_ARCH-} + if [ -z "$arch" ] + then + case $(uname -m) in + x86_64) + arch="amd64" + ;; + aarch64) + arch="arm64" + ;; + *) + echo "unsupported CPU architecture, exiting" + exit 1 + ;; + esac + fi + CNI_VERSION="${CNI_VERSION:-v0.8.7}" + cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION" + cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz" + curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename" + cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256") + cd "$cni_bin_dir" + sha256sum -c <<<"$cni_sum" + tar xvf "$cni_filename" + rm -f "$cni_filename" + cd - + CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.22.0}" + cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}" + cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz" + curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename" + cri_tools_sum=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256" | sed 's/\*\///') + cd "$opt_bin" + sha256sum -c <<<"$cri_tools_sum" + tar xvf "$cri_tools_filename" + rm -f "$cri_tools_filename" + ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped" + cd - + KUBE_VERSION="${KUBE_VERSION:-v1.22.2}" + kube_dir="$opt_bin/kubernetes-$KUBE_VERSION" + kube_base_url="https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$arch" + kube_sum_file="$kube_dir/sha256" + mkdir -p "$kube_dir" + : >"$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin" + chmod +x "$kube_dir/$bin" + sum=$(curl -Lf "$kube_base_url/$bin.sha256") + echo "$sum $kube_dir/$bin" >>"$kube_sum_file" + done + sha256sum -c "$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + ln -sf "$kube_dir/$bin" "$opt_bin"/$bin + done + + systemctl disable download-script.service + path: /opt/bin/download.sh + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + cat << EOF | tee /etc/polkit-1/rules.d/60-noreboot_norestart.rules + polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.login1.reboot" || + action.id == "org.freedesktop.login1.reboot-multiple-sessions") { + if (subject.user == "core") { + return polkit.Result.YES; + } else { + return polkit.Result.AUTH_ADMIN; + } + } + }); + EOF + systemctl stop docker + systemctl disable docker + + systemctl enable --now kubelet + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl disable setup.service + path: /opt/bin/setup + permissions: 755 + - content: + inline: + data: | + -----BEGIN CERTIFICATE----- + MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV + BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG + A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3 + DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0 + NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG + cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv + c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS + R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT + ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk + JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3 + mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW + caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G + A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt + hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB + MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES + MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv + bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h + U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao + eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4 + UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD + 58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n + sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF + kPe6XoSbiLm/kxk32T0= + -----END CERTIFICATE----- + path: /etc/kubernetes/pki/ca.crt + permissions: 644 + - content: + inline: + data: |+ + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHRENDQWdDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREE5TVRzd09RWURWUVFERXpKeWIyOTAKTFdOaExuUTNjV3R4ZURWeGRDNWxkWEp2Y0dVdGQyVnpkRE10WXk1a1pYWXVhM1ZpWlhKdFlYUnBZeTVwYnpBZQpGdzB4T0RBeU1ERXhNelUyTURoYUZ3MHlPREF4TXpBeE16VTJNRGhhTUQweE96QTVCZ05WQkFNVE1uSnZiM1F0ClkyRXVkRGR4YTNGNE5YRjBMbVYxY205d1pTMTNaWE4wTXkxakxtUmxkaTVyZFdKbGNtMWhkR2xqTG1sdk1JSUIKSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXA2SDZWNTZiWUh2Q2V6TGtyZkl6TTgxYgppbzcvWmF3L0xLRXcwZUYrTE12NEUrL1EvZkZoc0hDK21oZUxnMUhXVVBGUFJrNFBRODVtQS80dGppbWpTUEZECms2U0ltektGTFlRZ3dDZ2dpVzhOMmhPKzl6ckJVQUxKRkdCNjRvT2NiQmo2RXIvK05sUEdJM1JSV1dkaUVUV0YKV1lDNGpmSmpiRjVQYnl5WEhuc0dmdFNOWVpCTDcxVzdoOWpMV3B5VVdLTDZaWUFOd0RPTjJSYnA3dHB1dzBYNgprayswQVZ3VnprMzArTU56bWY1MHF3K284MThiZkxVRGthTk1mTFM2STB3UW03UkdnK01nVlJEeTNDdVlxZklXClkyeng2YzdQcXpGc1ZWZklyYTBiMHFhdE5sMVhIajh0K0dOcWRiaTIvRlFqQ3hpbFROdW50VDN2eTJlT0hRSUQKQVFBQm95TXdJVEFPQmdOVkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRwo5dzBCQVFzRkFBT0NBUUVBSW1FbklYVjNEeW1DcTlxUDdwK3VKNTV1Zlhka1IyZ2hEVVlyVFRjUHdqUjJqVEhhCmlaQStnOG42UXJVb0NENnN6RytsaGFsN2hQNnhkV3VSalhGSE83Yk52NjNJcUVHelJEZ3c1Z3djcVVUWkV2d2cKZ216NzU5dy9hRmYxVjEyaDFhZlBtQTlFRzVOZEh4c3g5QWxIK0Y2dHlzcHBXaFU4WEVRVUFLQ1BqbndVbUs0cAo3Z3ZUWnIyeno0bndoWm8zTDg5MDNxcHRjcTFsWjRPWXNEb1hvbDF1emFRSDgyeHl3ZVNLQ0tYcE9iaXplNVowCndwbmpkRHVIODd4NHI0TGpNWnB1M3ZYNkxqQkRNUFdrSEhQTjVBaW0xSkx0Ny9STFBnVHRqc0pNclRBUzdoZ1oKZktMTDlRTVFsNnMxckhKNEtrL2U3S0c4SEE0aEVORWhrOVlEZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server: https://foo.bar:6443 + name: c + contexts: + - context: + cluster: c + user: c + name: c + current-context: c + kind: Config + preferences: {} + users: + - name: c + user: + token: test.test + + path: /etc/kubernetes/bootstrap-kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Unit] + After=containerd.service + Requires=containerd.service + + Description=kubelet: The Kubernetes Node Agent + Documentation=https://kubernetes.io/docs/home/ + + [Service] + User=root + Restart=always + StartLimitInterval=0 + RestartSec=10 + CPUAccounting=true + MemoryAccounting=true + + Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/" + EnvironmentFile=-/etc/environment + EnvironmentFile=/etc/kubernetes/nodeip.conf + + ExecStartPre=/bin/bash /opt/load-kernel-modules.sh + ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh + ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \ + --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \ + --kubeconfig=/var/lib/kubelet/kubeconfig \ + --config=/etc/kubernetes/kubelet.conf \ + --network-plugin=cni \ + --cert-dir=/etc/kubernetes/pki \ + --cloud-provider=aws \ + --cloud-config=/etc/kubernetes/cloud-config \ + --dynamic-config-dir=/etc/kubernetes/dynamic-config-dir \ + --feature-gates=DynamicKubeletConfig=true \ + --exit-on-lock-contention \ + --lock-file=/tmp/kubelet.lock \ + --container-runtime=remote \ + --container-runtime-endpoint=unix:///run/containerd/containerd.sock \ + --node-ip ${KUBELET_NODE_IP} + + [Install] + WantedBy=multi-user.target + path: /etc/systemd/system/kubelet.service + permissions: 644 + - content: + inline: + data: |+ + [global] + Zone="eu-central-1b" + VPC="e-123f" + SubnetID="test-subnet" + + path: /etc/kubernetes/cloud-config + permissions: 400 + - content: + inline: + data: | + apiVersion: kubelet.config.k8s.io/v1beta1 + kind: KubeletConfiguration + authentication: + anonymous: + enabled: false + webhook: + enabled: true + x509: + clientCAFile: /etc/kubernetes/pki/ca.crt + authorization: + mode: Webhook + cgroupDriver: systemd + clusterDNS: + - "10.0.0.0" + clusterDomain: cluster.local + containerLogMaxSize: 100Mi + containerLogMaxFiles: 5 + featureGates: + GracefulNodeShutdown: true + IdentifyPodOS: false + protectKernelDefaults: true + readOnlyPort: 0 + rotateCertificates: true + serverTLSBootstrap: true + staticPodPath: /etc/kubernetes/manifests + kubeReserved: + cpu: 200m + ephemeral-storage: 1Gi + memory: 200Mi + systemReserved: + cpu: 200m + ephemeral-storage: 1Gi + memory: 200Mi + evictionHard: + imagefs.available: 15% + memory.available: 100Mi + nodefs.available: 10% + nodefs.inodesFree: 5% + tlsCipherSuites: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + volumePluginDir: /var/lib/kubelet/volumeplugins + path: /etc/kubernetes/kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/opt/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + path: /etc/systemd/system/kubelet-healthcheck.service + permissions: 644 + - content: + inline: + data: | + 1 + path: /proc/sys/kernel/panic_on_oops + permissions: 644 + - content: + inline: + data: | + 10 + path: /proc/sys/kernel/panic + permissions: 644 + - content: + inline: + data: | + 1 + path: /proc/sys/vm/overcommit_memory + permissions: 644 + - content: + inline: + data: | + # Use most defaults for sshd configuration. + Subsystem sftp internal-sftp + ClientAliveInterval 180 + UseDNS no + UsePAM yes + PrintLastLog no # handled by PAM + PrintMotd no # handled by PAM + PasswordAuthentication no + ChallengeResponseAuthentication no + path: /etc/ssh/sshd_config + permissions: 600 + - content: + inline: + data: |+ + version = 2 + + [metrics] + address = "127.0.0.1:1338" + + [plugins] + [plugins."io.containerd.grpc.v1.cri"] + sandbox_image = "192.168.100.100:5000/kubernetes/pause:v3.1" + [plugins."io.containerd.grpc.v1.cri".containerd] + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + runtime_type = "io.containerd.runc.v2" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] + SystemdCgroup = true + [plugins."io.containerd.grpc.v1.cri".registry] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] + endpoint = ["https://registry.docker-cn.com"] + [plugins."io.containerd.grpc.v1.cri".registry.configs] + [plugins."io.containerd.grpc.v1.cri".registry.configs."10.0.0.1:5000"] + [plugins."io.containerd.grpc.v1.cri".registry.configs."10.0.0.1:5000".tls] + insecure_skip_verify = true + [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.100.100:5000"] + [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.100.100:5000".tls] + insecure_skip_verify = true + + path: /etc/containerd/config.toml + permissions: 600 + - content: + inline: + data: | + [Service] + Restart=always + EnvironmentFile=-/etc/environment + path: /etc/systemd/system/containerd.service.d/environment.conf + permissions: 644 + - content: + inline: + data: | + [Service] + EnvironmentFile=/run/metadata/torcx + Environment=CONTAINERD_CONFIG=/etc/containerd/config.toml + ExecStart= + ExecStart=/usr/bin/env PATH=${TORCX_BINDIR}:${PATH} ${TORCX_BINDIR}/containerd --config ${CONTAINERD_CONFIG} + path: /etc/systemd/system/containerd.service.d/10-custom.conf + permissions: 644 + - content: + inline: + data: | + runtime-endpoint: unix:///run/containerd/containerd.sock + path: /etc/crictl.yaml + permissions: 644 + units: + - content: | + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=download-script.service + Requires=nodeip.service + After=download-script.service + After=nodeip.service + + [Service] + Type=oneshot + RemainAfterExit=true + EnvironmentFile=-/etc/environment + ExecStart=/opt/bin/setup + enable: true + name: setup.service + - content: | + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + + [Service] + Type=oneshot + RemainAfterExit=true + EnvironmentFile=-/etc/environment + ExecStart=/opt/bin/download.sh + enable: true + name: download-script.service + - content: | + [Unit] + Description=Setup Kubelet Node IP Env + Requires=network-online.target + After=network-online.target + + [Service] + ExecStart=/opt/bin/setup_net_env.sh + RemainAfterExit=yes + Type=oneshot + [Install] + WantedBy=multi-user.target + enable: true + name: nodeip.service + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c diff --git a/pkg/controllers/osc/testdata/osc-flatcar-aws-docker.yaml b/pkg/controllers/osc/testdata/osc-flatcar-aws-docker.yaml index e69de29b..653517ec 100644 --- a/pkg/controllers/osc/testdata/osc-flatcar-aws-docker.yaml +++ b/pkg/controllers/osc/testdata/osc-flatcar-aws-docker.yaml @@ -0,0 +1,636 @@ +apiVersion: operatingsystemmanager.k8c.io/v1alpha1 +kind: OperatingSystemConfig +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: flatcar-aws-docker-kube-system-config + namespace: kube-system + resourceVersion: "1" +spec: + bootstrapConfig: + files: + - content: + inline: + data: "#!/bin/bash\nset -xeuo pipefail\napt update && apt install -y curl + jq\ncurl -s -k -v --header 'Authorization: Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/flatcar-aws-docker-kube-system-provisioning-config + | jq '.data[\"cloud-config\"]' -r| base64 -d > /usr/share/oem/config.ign\ntouch + /boot/flatcar/first_boot\nsystemctl disable bootstrap.service\nrm /etc/systemd/system/bootstrap.service\nrm + /etc/machine-id\nreboot\n" + encoding: b64 + path: /opt/bin/bootstrap + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + [Service] + Type=oneshot + RemainAfterExit=true + ExecStart=/opt/bin/bootstrap + encoding: b64 + path: /etc/systemd/system/bootstrap.service + permissions: 644 + modules: + runcmd: + - systemctl restart bootstrap.service + - systemctl daemon-reload + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c + cloudProvider: + name: aws + spec: + availabilityZone: eu-central-1b + subnetID: test-subnet + vpcId: e-123f + osName: flatcar + osVersion: 2983.2.0 + provisioningConfig: + files: + - content: + inline: + data: | + #!/usr/bin/env bash + + # Copyright 2016 The Kubernetes Authors. + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + # This script is for master and node instance health monitoring, which is + # packed in kube-manifest tarball. It is executed through a systemd service + # in cluster/gce/gci/.yaml. The env variables come from an env + # file provided by the systemd service. + + # This script is a slightly adjusted version of + # https://github.com/kubernetes/kubernetes/blob/e1a1aa211224fcd9b213420b80b2ae680669683d/cluster/gce/gci/health-monitor.sh + # Adjustments are: + # * Kubelet health port is 10248 not 10255 + # * Removal of all all references to the KUBE_ENV file + + set -o nounset + set -o pipefail + + # We simply kill the process when there is a failure. Another systemd service will + # automatically restart the process. + function container_runtime_monitoring() { + local -r max_attempts=5 + local attempt=1 + local -r container_runtime_name="${CONTAINER_RUNTIME_NAME:-docker}" + # We still need to use 'docker ps' when container runtime is "docker". This is because + # dockershim is still part of kubelet today. When kubelet is down, crictl pods + # will also fail, and docker will be killed. This is undesirable especially when + # docker live restore is disabled. + local healthcheck_command="docker ps" + if [[ "${CONTAINER_RUNTIME:-docker}" != "docker" ]]; then + healthcheck_command="crictl pods" + fi + # Container runtime startup takes time. Make initial attempts before starting + # killing the container runtime. + until timeout 60 ${healthcheck_command} > /dev/null; do + if ((attempt == max_attempts)); then + echo "Max attempt ${max_attempts} reached! Proceeding to monitor container runtime healthiness." + break + fi + echo "$attempt initial attempt \"${healthcheck_command}\"! Trying again in $attempt seconds..." + sleep "$((2 ** attempt++))" + done + while true; do + if ! timeout 60 ${healthcheck_command} > /dev/null; then + echo "Container runtime ${container_runtime_name} failed!" + if [[ "$container_runtime_name" == "docker" ]]; then + # Dump stack of docker daemon for investigation. + # Log file name looks like goroutine-stacks-TIMESTAMP and will be saved to + # the exec root directory, which is /var/run/docker/ on Ubuntu and COS. + pkill -SIGUSR1 dockerd + fi + systemctl kill --kill-who=main "${container_runtime_name}" + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 120 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + function kubelet_monitoring() { + echo "Wait for 2 minutes for kubelet to be functional" + sleep 120 + local -r max_seconds=10 + local output="" + while true; do + local failed=false + + if journalctl -u kubelet -n 1 | grep -q "use of closed network connection"; then + failed=true + echo "Kubelet stopped posting node status. Restarting" + elif ! output=$(curl -m "${max_seconds}" -f -s -S http://127.0.0.1:10248/healthz 2>&1); then + failed=true + # Print the response and/or errors. + echo "$output" + fi + + if [[ "$failed" == "true" ]]; then + echo "Kubelet is unhealthy!" + systemctl kill kubelet + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 60 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + ############## Main Function ################ + if [[ "$#" -ne 1 ]]; then + echo "Usage: health-monitor.sh " + exit 1 + fi + + SLEEP_SECONDS=10 + component=$1 + echo "Start kubernetes health monitoring for ${component}" + if [[ "${component}" == "container-runtime" ]]; then + container_runtime_monitoring + elif [[ "${component}" == "kubelet" ]]; then + kubelet_monitoring + else + echo "Health monitoring for component ${component} is not supported!" + fi + path: /opt/bin/health-monitor.sh + permissions: 755 + - content: + inline: + data: |2+ + + path: /etc/systemd/system/systemd-networkd.service.d/10-static-network.conf + permissions: 644 + - content: + inline: + data: | + [Journal] + SystemMaxUse=5G + path: /etc/systemd/journald.conf.d/max_disk_use.conf + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + set -euo pipefail + + modprobe ip_vs + modprobe ip_vs_rr + modprobe ip_vs_wrr + modprobe ip_vs_sh + + if modinfo nf_conntrack_ipv4 &> /dev/null; then + modprobe nf_conntrack_ipv4 + else + modprobe nf_conntrack + fi + path: /opt/load-kernel-modules.sh + permissions: 755 + - content: + inline: + data: | + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 + kernel.panic_on_oops = 1 + kernel.panic = 10 + net.ipv4.ip_forward = 1 + vm.overcommit_memory = 1 + fs.inotify.max_user_watches = 1048576 + fs.inotify.max_user_instances = 8192 + path: /etc/sysctl.d/k8s.conf + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + echodate() { + echo "[$(date -Is)]" "$@" + } + + # get the default interface IP address + DEFAULT_IFC_IP=$(ip -o route get 1 | grep -oP "src \K\S+") + + if [ -z "${DEFAULT_IFC_IP}" ] + then + echodate "Failed to get IP address for the default route interface" + exit 1 + fi + + # get the full hostname + FULL_HOSTNAME=$(hostname -f) + # if /etc/hostname is not empty then use the hostname from there + if [ -s /etc/hostname ]; then + FULL_HOSTNAME=$(cat /etc/hostname) + fi + + # write the nodeip_env file + # we need the line below because flatcar has the same string "coreos" in that file + if grep -q coreos /etc/os-release + then + echo -e "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf + elif [ ! -d /etc/systemd/system/kubelet.service.d ] + then + echodate "Can't find kubelet service extras directory" + exit 1 + else + echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf + fi + path: /opt/bin/setup_net_env.sh + permissions: 755 + - content: + inline: + data: | + #!/usr/bin/env bash + set -xeuo pipefail + + opt_bin=/opt/bin + usr_local_bin=/usr/local/bin + cni_bin_dir=/opt/cni/bin + mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir" + mkdir -p /etc/kubernetes/dynamic-config-dir + arch=${HOST_ARCH-} + if [ -z "$arch" ] + then + case $(uname -m) in + x86_64) + arch="amd64" + ;; + aarch64) + arch="arm64" + ;; + *) + echo "unsupported CPU architecture, exiting" + exit 1 + ;; + esac + fi + CNI_VERSION="${CNI_VERSION:-v0.8.7}" + cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION" + cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz" + curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename" + cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256") + cd "$cni_bin_dir" + sha256sum -c <<<"$cni_sum" + tar xvf "$cni_filename" + rm -f "$cni_filename" + cd - + CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.22.0}" + cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}" + cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz" + curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename" + cri_tools_sum=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256" | sed 's/\*\///') + cd "$opt_bin" + sha256sum -c <<<"$cri_tools_sum" + tar xvf "$cri_tools_filename" + rm -f "$cri_tools_filename" + ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped" + cd - + KUBE_VERSION="${KUBE_VERSION:-v1.22.2}" + kube_dir="$opt_bin/kubernetes-$KUBE_VERSION" + kube_base_url="https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$arch" + kube_sum_file="$kube_dir/sha256" + mkdir -p "$kube_dir" + : >"$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin" + chmod +x "$kube_dir/$bin" + sum=$(curl -Lf "$kube_base_url/$bin.sha256") + echo "$sum $kube_dir/$bin" >>"$kube_sum_file" + done + sha256sum -c "$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + ln -sf "$kube_dir/$bin" "$opt_bin"/$bin + done + + systemctl disable download-script.service + path: /opt/bin/download.sh + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + cat << EOF | tee /etc/polkit-1/rules.d/60-noreboot_norestart.rules + polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.login1.reboot" || + action.id == "org.freedesktop.login1.reboot-multiple-sessions") { + if (subject.user == "core") { + return polkit.Result.YES; + } else { + return polkit.Result.AUTH_ADMIN; + } + } + }); + EOF + systemctl stop containerd + systemctl disable containerd + + systemctl enable --now kubelet + systemctl enable --now --no-block kubelet-healthcheck.service + systemctl disable setup.service + path: /opt/bin/setup + permissions: 755 + - content: + inline: + data: | + -----BEGIN CERTIFICATE----- + MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV + BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG + A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3 + DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0 + NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG + cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv + c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS + R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT + ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk + JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3 + mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW + caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G + A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt + hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB + MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES + MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv + bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h + U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao + eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4 + UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD + 58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n + sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF + kPe6XoSbiLm/kxk32T0= + -----END CERTIFICATE----- + path: /etc/kubernetes/pki/ca.crt + permissions: 644 + - content: + inline: + data: |+ + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHRENDQWdDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREE5TVRzd09RWURWUVFERXpKeWIyOTAKTFdOaExuUTNjV3R4ZURWeGRDNWxkWEp2Y0dVdGQyVnpkRE10WXk1a1pYWXVhM1ZpWlhKdFlYUnBZeTVwYnpBZQpGdzB4T0RBeU1ERXhNelUyTURoYUZ3MHlPREF4TXpBeE16VTJNRGhhTUQweE96QTVCZ05WQkFNVE1uSnZiM1F0ClkyRXVkRGR4YTNGNE5YRjBMbVYxY205d1pTMTNaWE4wTXkxakxtUmxkaTVyZFdKbGNtMWhkR2xqTG1sdk1JSUIKSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXA2SDZWNTZiWUh2Q2V6TGtyZkl6TTgxYgppbzcvWmF3L0xLRXcwZUYrTE12NEUrL1EvZkZoc0hDK21oZUxnMUhXVVBGUFJrNFBRODVtQS80dGppbWpTUEZECms2U0ltektGTFlRZ3dDZ2dpVzhOMmhPKzl6ckJVQUxKRkdCNjRvT2NiQmo2RXIvK05sUEdJM1JSV1dkaUVUV0YKV1lDNGpmSmpiRjVQYnl5WEhuc0dmdFNOWVpCTDcxVzdoOWpMV3B5VVdLTDZaWUFOd0RPTjJSYnA3dHB1dzBYNgprayswQVZ3VnprMzArTU56bWY1MHF3K284MThiZkxVRGthTk1mTFM2STB3UW03UkdnK01nVlJEeTNDdVlxZklXClkyeng2YzdQcXpGc1ZWZklyYTBiMHFhdE5sMVhIajh0K0dOcWRiaTIvRlFqQ3hpbFROdW50VDN2eTJlT0hRSUQKQVFBQm95TXdJVEFPQmdOVkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRwo5dzBCQVFzRkFBT0NBUUVBSW1FbklYVjNEeW1DcTlxUDdwK3VKNTV1Zlhka1IyZ2hEVVlyVFRjUHdqUjJqVEhhCmlaQStnOG42UXJVb0NENnN6RytsaGFsN2hQNnhkV3VSalhGSE83Yk52NjNJcUVHelJEZ3c1Z3djcVVUWkV2d2cKZ216NzU5dy9hRmYxVjEyaDFhZlBtQTlFRzVOZEh4c3g5QWxIK0Y2dHlzcHBXaFU4WEVRVUFLQ1BqbndVbUs0cAo3Z3ZUWnIyeno0bndoWm8zTDg5MDNxcHRjcTFsWjRPWXNEb1hvbDF1emFRSDgyeHl3ZVNLQ0tYcE9iaXplNVowCndwbmpkRHVIODd4NHI0TGpNWnB1M3ZYNkxqQkRNUFdrSEhQTjVBaW0xSkx0Ny9STFBnVHRqc0pNclRBUzdoZ1oKZktMTDlRTVFsNnMxckhKNEtrL2U3S0c4SEE0aEVORWhrOVlEZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server: https://foo.bar:6443 + name: c + contexts: + - context: + cluster: c + user: c + name: c + current-context: c + kind: Config + preferences: {} + users: + - name: c + user: + token: test.test + + path: /etc/kubernetes/bootstrap-kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Unit] + After=docker.service + Requires=docker.service + + Description=kubelet: The Kubernetes Node Agent + Documentation=https://kubernetes.io/docs/home/ + + [Service] + User=root + Restart=always + StartLimitInterval=0 + RestartSec=10 + CPUAccounting=true + MemoryAccounting=true + + Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/" + EnvironmentFile=-/etc/environment + EnvironmentFile=/etc/kubernetes/nodeip.conf + + ExecStartPre=/bin/bash /opt/load-kernel-modules.sh + ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh + ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \ + --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \ + --kubeconfig=/var/lib/kubelet/kubeconfig \ + --config=/etc/kubernetes/kubelet.conf \ + --network-plugin=cni \ + --cert-dir=/etc/kubernetes/pki \ + --cloud-provider=aws \ + --cloud-config=/etc/kubernetes/cloud-config \ + --dynamic-config-dir=/etc/kubernetes/dynamic-config-dir \ + --feature-gates=DynamicKubeletConfig=true \ + --exit-on-lock-contention \ + --lock-file=/tmp/kubelet.lock \ + --container-runtime=docker \ + --container-runtime-endpoint=unix:///var/run/dockershim.sock \ + --node-ip ${KUBELET_NODE_IP} + + [Install] + WantedBy=multi-user.target + path: /etc/systemd/system/kubelet.service + permissions: 644 + - content: + inline: + data: |+ + [global] + Zone="eu-central-1b" + VPC="e-123f" + SubnetID="test-subnet" + + path: /etc/kubernetes/cloud-config + permissions: 400 + - content: + inline: + data: | + apiVersion: kubelet.config.k8s.io/v1beta1 + kind: KubeletConfiguration + authentication: + anonymous: + enabled: false + webhook: + enabled: true + x509: + clientCAFile: /etc/kubernetes/pki/ca.crt + authorization: + mode: Webhook + cgroupDriver: systemd + clusterDNS: + - "10.0.0.0" + clusterDomain: cluster.local + featureGates: + GracefulNodeShutdown: true + IdentifyPodOS: false + protectKernelDefaults: true + readOnlyPort: 0 + rotateCertificates: true + serverTLSBootstrap: true + staticPodPath: /etc/kubernetes/manifests + kubeReserved: + cpu: 200m + ephemeral-storage: 1Gi + memory: 200Mi + systemReserved: + cpu: 200m + ephemeral-storage: 1Gi + memory: 200Mi + evictionHard: + imagefs.available: 15% + memory.available: 100Mi + nodefs.available: 10% + nodefs.inodesFree: 5% + tlsCipherSuites: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + volumePluginDir: /var/lib/kubelet/volumeplugins + path: /etc/kubernetes/kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/opt/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + path: /etc/systemd/system/kubelet-healthcheck.service + permissions: 644 + - content: + inline: + data: | + 1 + path: /proc/sys/kernel/panic_on_oops + permissions: 644 + - content: + inline: + data: | + 10 + path: /proc/sys/kernel/panic + permissions: 644 + - content: + inline: + data: | + 1 + path: /proc/sys/vm/overcommit_memory + permissions: 644 + - content: + inline: + data: | + # Use most defaults for sshd configuration. + Subsystem sftp internal-sftp + ClientAliveInterval 180 + UseDNS no + UsePAM yes + PrintLastLog no # handled by PAM + PrintMotd no # handled by PAM + PasswordAuthentication no + ChallengeResponseAuthentication no + path: /etc/ssh/sshd_config + permissions: 600 + - content: + inline: + data: | + [Service] + Restart=always + EnvironmentFile=-/etc/environment + path: /etc/systemd/system/containerd.service.d/environment.conf + permissions: 644 + - content: + inline: + data: | + [Service] + Restart=always + EnvironmentFile=-/etc/environment + path: /etc/systemd/system/docker.service.d/environment.conf + permissions: 644 + - content: + inline: + data: '{"exec-opts":["native.cgroupdriver=systemd"],"storage-driver":"overlay2","log-driver":"json-file","log-opts":{"max-file":"5","max-size":"100m"},"insecure-registries":["192.168.100.100:5000","10.0.0.1:5000"],"registry-mirrors":["https://registry.docker-cn.com"]}' + path: /etc/docker/daemon.json + permissions: 644 + - content: + inline: + data: "" + encoding: b64 + path: /root/.docker/config.json + permissions: 600 + units: + - content: | + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=download-script.service + Requires=nodeip.service + After=download-script.service + After=nodeip.service + + [Service] + Type=oneshot + RemainAfterExit=true + EnvironmentFile=-/etc/environment + ExecStart=/opt/bin/setup + enable: true + name: setup.service + - content: | + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + + [Service] + Type=oneshot + RemainAfterExit=true + EnvironmentFile=-/etc/environment + ExecStart=/opt/bin/download.sh + enable: true + name: download-script.service + - content: | + [Unit] + Description=Setup Kubelet Node IP Env + Requires=network-online.target + After=network-online.target + + [Service] + ExecStart=/opt/bin/setup_net_env.sh + RemainAfterExit=yes + Type=oneshot + [Install] + WantedBy=multi-user.target + enable: true + name: nodeip.service + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c diff --git a/pkg/controllers/osc/testdata/osc-kubelet-configuration-containerd.yaml b/pkg/controllers/osc/testdata/osc-kubelet-configuration-containerd.yaml index e69de29b..ab451297 100644 --- a/pkg/controllers/osc/testdata/osc-kubelet-configuration-containerd.yaml +++ b/pkg/controllers/osc/testdata/osc-kubelet-configuration-containerd.yaml @@ -0,0 +1,662 @@ +apiVersion: operatingsystemmanager.k8c.io/v1alpha1 +kind: OperatingSystemConfig +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: kubelet-configuration-kube-system-config + namespace: kube-system + resourceVersion: "1" +spec: + bootstrapConfig: + files: + - content: + inline: + data: "#!/bin/bash\nset -xeuo pipefail\n\nexport DEBIAN_FRONTEND=noninteractive\napt + update && apt install -y curl jq\ncurl -s -k -v --header 'Authorization: + Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/kubelet-configuration-kube-system-provisioning-config + | jq '.data[\"cloud-config\"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/kubelet-configuration-kube-system-provisioning-config.cfg\ncloud-init + clean\ncloud-init --file /etc/cloud/cloud.cfg.d/kubelet-configuration-kube-system-provisioning-config.cfg + init\nsystemctl daemon-reload\n\nsystemctl restart setup.service\n" + encoding: b64 + path: /opt/bin/bootstrap + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + [Service] + Type=oneshot + RemainAfterExit=true + ExecStart=/opt/bin/bootstrap + encoding: b64 + path: /etc/systemd/system/bootstrap.service + permissions: 644 + modules: + runcmd: + - systemctl restart bootstrap.service + - systemctl daemon-reload + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c + cloudProvider: + name: aws + spec: + availabilityZone: eu-central-1b + subnetID: test-subnet + vpcId: e-123f + osName: ubuntu + osVersion: "20.04" + provisioningConfig: + files: + - content: + inline: + data: | + #!/usr/bin/env bash + + # Copyright 2016 The Kubernetes Authors. + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + # This script is for master and node instance health monitoring, which is + # packed in kube-manifest tarball. It is executed through a systemd service + # in cluster/gce/gci/.yaml. The env variables come from an env + # file provided by the systemd service. + + # This script is a slightly adjusted version of + # https://github.com/kubernetes/kubernetes/blob/e1a1aa211224fcd9b213420b80b2ae680669683d/cluster/gce/gci/health-monitor.sh + # Adjustments are: + # * Kubelet health port is 10248 not 10255 + # * Removal of all all references to the KUBE_ENV file + + set -o nounset + set -o pipefail + + # We simply kill the process when there is a failure. Another systemd service will + # automatically restart the process. + function container_runtime_monitoring() { + local -r max_attempts=5 + local attempt=1 + local -r container_runtime_name="${CONTAINER_RUNTIME_NAME:-docker}" + # We still need to use 'docker ps' when container runtime is "docker". This is because + # dockershim is still part of kubelet today. When kubelet is down, crictl pods + # will also fail, and docker will be killed. This is undesirable especially when + # docker live restore is disabled. + local healthcheck_command="docker ps" + if [[ "${CONTAINER_RUNTIME:-docker}" != "docker" ]]; then + healthcheck_command="crictl pods" + fi + # Container runtime startup takes time. Make initial attempts before starting + # killing the container runtime. + until timeout 60 ${healthcheck_command} > /dev/null; do + if ((attempt == max_attempts)); then + echo "Max attempt ${max_attempts} reached! Proceeding to monitor container runtime healthiness." + break + fi + echo "$attempt initial attempt \"${healthcheck_command}\"! Trying again in $attempt seconds..." + sleep "$((2 ** attempt++))" + done + while true; do + if ! timeout 60 ${healthcheck_command} > /dev/null; then + echo "Container runtime ${container_runtime_name} failed!" + if [[ "$container_runtime_name" == "docker" ]]; then + # Dump stack of docker daemon for investigation. + # Log file name looks like goroutine-stacks-TIMESTAMP and will be saved to + # the exec root directory, which is /var/run/docker/ on Ubuntu and COS. + pkill -SIGUSR1 dockerd + fi + systemctl kill --kill-who=main "${container_runtime_name}" + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 120 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + function kubelet_monitoring() { + echo "Wait for 2 minutes for kubelet to be functional" + sleep 120 + local -r max_seconds=10 + local output="" + while true; do + local failed=false + + if journalctl -u kubelet -n 1 | grep -q "use of closed network connection"; then + failed=true + echo "Kubelet stopped posting node status. Restarting" + elif ! output=$(curl -m "${max_seconds}" -f -s -S http://127.0.0.1:10248/healthz 2>&1); then + failed=true + # Print the response and/or errors. + echo "$output" + fi + + if [[ "$failed" == "true" ]]; then + echo "Kubelet is unhealthy!" + systemctl kill kubelet + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 60 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + ############## Main Function ################ + if [[ "$#" -ne 1 ]]; then + echo "Usage: health-monitor.sh " + exit 1 + fi + + SLEEP_SECONDS=10 + component=$1 + echo "Start kubernetes health monitoring for ${component}" + if [[ "${component}" == "container-runtime" ]]; then + container_runtime_monitoring + elif [[ "${component}" == "kubelet" ]]; then + kubelet_monitoring + else + echo "Health monitoring for component ${component} is not supported!" + fi + encoding: b64 + path: /opt/bin/health-monitor.sh + permissions: 755 + - content: + inline: + data: | + [Journal] + SystemMaxUse=5G + encoding: b64 + path: /etc/systemd/journald.conf.d/max_disk_use.conf + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + set -euo pipefail + + modprobe ip_vs + modprobe ip_vs_rr + modprobe ip_vs_wrr + modprobe ip_vs_sh + + if modinfo nf_conntrack_ipv4 &> /dev/null; then + modprobe nf_conntrack_ipv4 + else + modprobe nf_conntrack + fi + encoding: b64 + path: /opt/load-kernel-modules.sh + permissions: 755 + - content: + inline: + data: | + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 + kernel.panic_on_oops = 1 + kernel.panic = 10 + net.ipv4.ip_forward = 1 + vm.overcommit_memory = 1 + fs.inotify.max_user_watches = 1048576 + fs.inotify.max_user_instances = 8192 + encoding: b64 + path: /etc/sysctl.d/k8s.conf + permissions: 644 + - content: + inline: + data: | + # Added by kubermatic machine-controller + # Enable cgroups memory and swap accounting + GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1" + encoding: b64 + path: /etc/default/grub.d/60-swap-accounting.cfg + permissions: 644 + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + if systemctl is-active ufw; then systemctl stop ufw; fi + systemctl mask ufw + systemctl restart systemd-modules-load.service + sysctl --system + + apt-get update + + DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -y \ + curl \ + ca-certificates \ + ceph-common \ + cifs-utils \ + conntrack \ + e2fsprogs \ + ebtables \ + ethtool \ + glusterfs-client \ + iptables \ + jq \ + kmod \ + openssh-client \ + nfs-common \ + socat \ + util-linux \ + ipvsadm + apt-get update + apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - + add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + + apt-get install -y --allow-downgrades containerd.io=1.5* + apt-mark hold containerd.io + + systemctl daemon-reload + systemctl enable --now containerd + + opt_bin=/opt/bin + usr_local_bin=/usr/local/bin + cni_bin_dir=/opt/cni/bin + mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir" + mkdir -p /etc/kubernetes/dynamic-config-dir + arch=${HOST_ARCH-} + if [ -z "$arch" ] + then + case $(uname -m) in + x86_64) + arch="amd64" + ;; + aarch64) + arch="arm64" + ;; + *) + echo "unsupported CPU architecture, exiting" + exit 1 + ;; + esac + fi + CNI_VERSION="${CNI_VERSION:-v0.8.7}" + cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION" + cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz" + curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename" + cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256") + cd "$cni_bin_dir" + sha256sum -c <<<"$cni_sum" + tar xvf "$cni_filename" + rm -f "$cni_filename" + cd - + CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.22.0}" + cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}" + cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz" + curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename" + cri_tools_sum=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256" | sed 's/\*\///') + cd "$opt_bin" + sha256sum -c <<<"$cri_tools_sum" + tar xvf "$cri_tools_filename" + rm -f "$cri_tools_filename" + ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped" + cd - + KUBE_VERSION="${KUBE_VERSION:-v1.22.2}" + kube_dir="$opt_bin/kubernetes-$KUBE_VERSION" + kube_base_url="https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$arch" + kube_sum_file="$kube_dir/sha256" + mkdir -p "$kube_dir" + : >"$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin" + chmod +x "$kube_dir/$bin" + sum=$(curl -Lf "$kube_base_url/$bin.sha256") + echo "$sum $kube_dir/$bin" >>"$kube_sum_file" + done + sha256sum -c "$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + ln -sf "$kube_dir/$bin" "$opt_bin"/$bin + done + + # set kubelet nodeip environment variable + /opt/bin/setup_net_env.sh + + systemctl enable --now kubelet + systemctl enable --now --no-block kubelet-healthcheck.service + encoding: b64 + path: /opt/bin/setup + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + while ! "$@"; do + sleep 1 + done + encoding: b64 + path: /opt/bin/supervise.sh + permissions: 755 + - content: + inline: + data: | + [Unit] + After=containerd.service + Requires=containerd.service + + Description=kubelet: The Kubernetes Node Agent + Documentation=https://kubernetes.io/docs/home/ + + [Service] + User=root + Restart=always + StartLimitInterval=0 + RestartSec=10 + CPUAccounting=true + MemoryAccounting=true + + Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/" + EnvironmentFile=-/etc/environment + + ExecStartPre=/bin/bash /opt/disable-swap.sh + ExecStartPre=/bin/bash /opt/load-kernel-modules.sh + ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh + ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \ + --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \ + --kubeconfig=/var/lib/kubelet/kubeconfig \ + --config=/etc/kubernetes/kubelet.conf \ + --network-plugin=cni \ + --cert-dir=/etc/kubernetes/pki \ + --cloud-provider=aws \ + --cloud-config=/etc/kubernetes/cloud-config \ + --dynamic-config-dir=/etc/kubernetes/dynamic-config-dir \ + --feature-gates=DynamicKubeletConfig=true \ + --exit-on-lock-contention \ + --lock-file=/tmp/kubelet.lock \ + --container-runtime=remote \ + --container-runtime-endpoint=unix:///run/containerd/containerd.sock \ + --node-ip ${KUBELET_NODE_IP} + + [Install] + WantedBy=multi-user.target + encoding: b64 + path: /etc/systemd/system/kubelet.service + permissions: 644 + - content: + inline: + data: | + [Service] + Environment="KUBELET_EXTRA_ARGS=--resolv-conf=/run/systemd/resolve/resolv.conf" + encoding: b64 + path: /etc/systemd/system/kubelet.service.d/extras.conf + permissions: 644 + - content: + inline: + data: |+ + [global] + Zone="eu-central-1b" + VPC="e-123f" + SubnetID="test-subnet" + + encoding: b64 + path: /etc/kubernetes/cloud-config + permissions: 600 + - content: + inline: + data: | + #!/usr/bin/env bash + echodate() { + echo "[$(date -Is)]" "$@" + } + + # get the default interface IP address + DEFAULT_IFC_IP=$(ip -o route get 1 | grep -oP "src \K\S+") + + if [ -z "${DEFAULT_IFC_IP}" ] + then + echodate "Failed to get IP address for the default route interface" + exit 1 + fi + + + # get the full hostname + FULL_HOSTNAME=$(hostname -f) + # if /etc/hostname is not empty then use the hostname from there + if [ -s /etc/hostname ]; then + FULL_HOSTNAME=$(cat /etc/hostname) + fi + + # write the nodeip_env file + # we need the line below because flatcar has the same string "coreos" in that file + if grep -q coreos /etc/os-release + then + echo "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf + elif [ ! -d /etc/systemd/system/kubelet.service.d ] + then + echodate "Can't find kubelet service extras directory" + exit 1 + else + echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf + fi + encoding: b64 + path: /opt/bin/setup_net_env.sh + permissions: 755 + - content: + inline: + data: | + -----BEGIN CERTIFICATE----- + MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV + BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG + A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3 + DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0 + NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG + cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv + c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS + R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT + ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk + JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3 + mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW + caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G + A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt + hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB + MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES + MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv + bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h + U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao + eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4 + UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD + 58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n + sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF + kPe6XoSbiLm/kxk32T0= + -----END CERTIFICATE----- + encoding: b64 + path: /etc/kubernetes/pki/ca.crt + permissions: 644 + - content: + inline: + data: |+ + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHRENDQWdDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREE5TVRzd09RWURWUVFERXpKeWIyOTAKTFdOaExuUTNjV3R4ZURWeGRDNWxkWEp2Y0dVdGQyVnpkRE10WXk1a1pYWXVhM1ZpWlhKdFlYUnBZeTVwYnpBZQpGdzB4T0RBeU1ERXhNelUyTURoYUZ3MHlPREF4TXpBeE16VTJNRGhhTUQweE96QTVCZ05WQkFNVE1uSnZiM1F0ClkyRXVkRGR4YTNGNE5YRjBMbVYxY205d1pTMTNaWE4wTXkxakxtUmxkaTVyZFdKbGNtMWhkR2xqTG1sdk1JSUIKSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXA2SDZWNTZiWUh2Q2V6TGtyZkl6TTgxYgppbzcvWmF3L0xLRXcwZUYrTE12NEUrL1EvZkZoc0hDK21oZUxnMUhXVVBGUFJrNFBRODVtQS80dGppbWpTUEZECms2U0ltektGTFlRZ3dDZ2dpVzhOMmhPKzl6ckJVQUxKRkdCNjRvT2NiQmo2RXIvK05sUEdJM1JSV1dkaUVUV0YKV1lDNGpmSmpiRjVQYnl5WEhuc0dmdFNOWVpCTDcxVzdoOWpMV3B5VVdLTDZaWUFOd0RPTjJSYnA3dHB1dzBYNgprayswQVZ3VnprMzArTU56bWY1MHF3K284MThiZkxVRGthTk1mTFM2STB3UW03UkdnK01nVlJEeTNDdVlxZklXClkyeng2YzdQcXpGc1ZWZklyYTBiMHFhdE5sMVhIajh0K0dOcWRiaTIvRlFqQ3hpbFROdW50VDN2eTJlT0hRSUQKQVFBQm95TXdJVEFPQmdOVkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRwo5dzBCQVFzRkFBT0NBUUVBSW1FbklYVjNEeW1DcTlxUDdwK3VKNTV1Zlhka1IyZ2hEVVlyVFRjUHdqUjJqVEhhCmlaQStnOG42UXJVb0NENnN6RytsaGFsN2hQNnhkV3VSalhGSE83Yk52NjNJcUVHelJEZ3c1Z3djcVVUWkV2d2cKZ216NzU5dy9hRmYxVjEyaDFhZlBtQTlFRzVOZEh4c3g5QWxIK0Y2dHlzcHBXaFU4WEVRVUFLQ1BqbndVbUs0cAo3Z3ZUWnIyeno0bndoWm8zTDg5MDNxcHRjcTFsWjRPWXNEb1hvbDF1emFRSDgyeHl3ZVNLQ0tYcE9iaXplNVowCndwbmpkRHVIODd4NHI0TGpNWnB1M3ZYNkxqQkRNUFdrSEhQTjVBaW0xSkx0Ny9STFBnVHRqc0pNclRBUzdoZ1oKZktMTDlRTVFsNnMxckhKNEtrL2U3S0c4SEE0aEVORWhrOVlEZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server: https://foo.bar:6443 + name: c + contexts: + - context: + cluster: c + user: c + name: c + current-context: c + kind: Config + preferences: {} + users: + - name: c + user: + token: test.test + + encoding: b64 + path: /etc/kubernetes/bootstrap-kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + + [Service] + Type=oneshot + RemainAfterExit=true + EnvironmentFile=-/etc/environment + ExecStart=/opt/bin/supervise.sh /opt/bin/setup + encoding: b64 + path: /etc/systemd/system/setup.service + permissions: 644 + - content: + inline: + data: | + export PATH="/opt/bin:$PATH" + encoding: b64 + path: /etc/profile.d/opt-bin-path.sh + permissions: 644 + - content: + inline: + data: | + apiVersion: kubelet.config.k8s.io/v1beta1 + kind: KubeletConfiguration + authentication: + anonymous: + enabled: false + webhook: + enabled: true + x509: + clientCAFile: /etc/kubernetes/pki/ca.crt + authorization: + mode: Webhook + cgroupDriver: systemd + clusterDNS: + - "10.0.0.0" + clusterDomain: cluster.local + containerLogMaxSize: 300Mi + containerLogMaxFiles: 30 + featureGates: + GracefulNodeShutdown: true + IdentifyPodOS: false + protectKernelDefaults: true + readOnlyPort: 0 + rotateCertificates: true + serverTLSBootstrap: true + staticPodPath: /etc/kubernetes/manifests + kubeReserved: + cpu: 30m + ephemeral-storage: 30Gi + systemReserved: + cpu: 30m + ephemeral-storage: 30Gi + evictionHard: + memory.available: 30Mi + maxPods: 110 + tlsCipherSuites: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + volumePluginDir: /var/lib/kubelet/volumeplugins + encoding: b64 + path: /etc/kubernetes/kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/opt/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + encoding: b64 + path: /etc/systemd/system/kubelet-healthcheck.service + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + set -euo pipefail + + # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud + # providers swap gets enabled on reboot or after the setup script has finished executing. + sed -i.orig '/.*swap.*/d' /etc/fstab + swapoff -a + encoding: b64 + path: /opt/disable-swap.sh + permissions: 755 + - content: + inline: + data: | + runtime-endpoint: unix:///run/containerd/containerd.sock + path: /etc/crictl.yaml + permissions: 644 + - content: + inline: + data: | + [Service] + Restart=always + EnvironmentFile=-/etc/environment + path: /etc/systemd/system/containerd.service.d/environment.conf + permissions: 644 + - content: + inline: + data: |+ + version = 2 + + [metrics] + address = "127.0.0.1:1338" + + [plugins] + [plugins."io.containerd.grpc.v1.cri"] + sandbox_image = "192.168.100.100:5000/kubernetes/pause:v3.1" + [plugins."io.containerd.grpc.v1.cri".containerd] + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + runtime_type = "io.containerd.runc.v2" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] + SystemdCgroup = true + [plugins."io.containerd.grpc.v1.cri".registry] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] + endpoint = ["https://registry.docker-cn.com"] + [plugins."io.containerd.grpc.v1.cri".registry.configs] + [plugins."io.containerd.grpc.v1.cri".registry.configs."10.0.0.1:5000"] + [plugins."io.containerd.grpc.v1.cri".registry.configs."10.0.0.1:5000".tls] + insecure_skip_verify = true + [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.100.100:5000"] + [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.100.100:5000".tls] + insecure_skip_verify = true + + encoding: b64 + path: /etc/containerd/config.toml + permissions: 600 + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c diff --git a/pkg/controllers/osc/testdata/osc-kubelet-configuration-docker.yaml b/pkg/controllers/osc/testdata/osc-kubelet-configuration-docker.yaml index e69de29b..0416041c 100644 --- a/pkg/controllers/osc/testdata/osc-kubelet-configuration-docker.yaml +++ b/pkg/controllers/osc/testdata/osc-kubelet-configuration-docker.yaml @@ -0,0 +1,645 @@ +apiVersion: operatingsystemmanager.k8c.io/v1alpha1 +kind: OperatingSystemConfig +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: kubelet-configuration-kube-system-config + namespace: kube-system + resourceVersion: "1" +spec: + bootstrapConfig: + files: + - content: + inline: + data: "#!/bin/bash\nset -xeuo pipefail\n\nexport DEBIAN_FRONTEND=noninteractive\napt + update && apt install -y curl jq\ncurl -s -k -v --header 'Authorization: + Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/kubelet-configuration-kube-system-provisioning-config + | jq '.data[\"cloud-config\"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/kubelet-configuration-kube-system-provisioning-config.cfg\ncloud-init + clean\ncloud-init --file /etc/cloud/cloud.cfg.d/kubelet-configuration-kube-system-provisioning-config.cfg + init\nsystemctl daemon-reload\n\nsystemctl restart setup.service\n" + encoding: b64 + path: /opt/bin/bootstrap + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + [Service] + Type=oneshot + RemainAfterExit=true + ExecStart=/opt/bin/bootstrap + encoding: b64 + path: /etc/systemd/system/bootstrap.service + permissions: 644 + modules: + runcmd: + - systemctl restart bootstrap.service + - systemctl daemon-reload + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c + cloudProvider: + name: aws + spec: + availabilityZone: eu-central-1b + subnetID: test-subnet + vpcId: e-123f + osName: ubuntu + osVersion: "20.04" + provisioningConfig: + files: + - content: + inline: + data: | + #!/usr/bin/env bash + + # Copyright 2016 The Kubernetes Authors. + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + # This script is for master and node instance health monitoring, which is + # packed in kube-manifest tarball. It is executed through a systemd service + # in cluster/gce/gci/.yaml. The env variables come from an env + # file provided by the systemd service. + + # This script is a slightly adjusted version of + # https://github.com/kubernetes/kubernetes/blob/e1a1aa211224fcd9b213420b80b2ae680669683d/cluster/gce/gci/health-monitor.sh + # Adjustments are: + # * Kubelet health port is 10248 not 10255 + # * Removal of all all references to the KUBE_ENV file + + set -o nounset + set -o pipefail + + # We simply kill the process when there is a failure. Another systemd service will + # automatically restart the process. + function container_runtime_monitoring() { + local -r max_attempts=5 + local attempt=1 + local -r container_runtime_name="${CONTAINER_RUNTIME_NAME:-docker}" + # We still need to use 'docker ps' when container runtime is "docker". This is because + # dockershim is still part of kubelet today. When kubelet is down, crictl pods + # will also fail, and docker will be killed. This is undesirable especially when + # docker live restore is disabled. + local healthcheck_command="docker ps" + if [[ "${CONTAINER_RUNTIME:-docker}" != "docker" ]]; then + healthcheck_command="crictl pods" + fi + # Container runtime startup takes time. Make initial attempts before starting + # killing the container runtime. + until timeout 60 ${healthcheck_command} > /dev/null; do + if ((attempt == max_attempts)); then + echo "Max attempt ${max_attempts} reached! Proceeding to monitor container runtime healthiness." + break + fi + echo "$attempt initial attempt \"${healthcheck_command}\"! Trying again in $attempt seconds..." + sleep "$((2 ** attempt++))" + done + while true; do + if ! timeout 60 ${healthcheck_command} > /dev/null; then + echo "Container runtime ${container_runtime_name} failed!" + if [[ "$container_runtime_name" == "docker" ]]; then + # Dump stack of docker daemon for investigation. + # Log file name looks like goroutine-stacks-TIMESTAMP and will be saved to + # the exec root directory, which is /var/run/docker/ on Ubuntu and COS. + pkill -SIGUSR1 dockerd + fi + systemctl kill --kill-who=main "${container_runtime_name}" + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 120 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + function kubelet_monitoring() { + echo "Wait for 2 minutes for kubelet to be functional" + sleep 120 + local -r max_seconds=10 + local output="" + while true; do + local failed=false + + if journalctl -u kubelet -n 1 | grep -q "use of closed network connection"; then + failed=true + echo "Kubelet stopped posting node status. Restarting" + elif ! output=$(curl -m "${max_seconds}" -f -s -S http://127.0.0.1:10248/healthz 2>&1); then + failed=true + # Print the response and/or errors. + echo "$output" + fi + + if [[ "$failed" == "true" ]]; then + echo "Kubelet is unhealthy!" + systemctl kill kubelet + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 60 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + ############## Main Function ################ + if [[ "$#" -ne 1 ]]; then + echo "Usage: health-monitor.sh " + exit 1 + fi + + SLEEP_SECONDS=10 + component=$1 + echo "Start kubernetes health monitoring for ${component}" + if [[ "${component}" == "container-runtime" ]]; then + container_runtime_monitoring + elif [[ "${component}" == "kubelet" ]]; then + kubelet_monitoring + else + echo "Health monitoring for component ${component} is not supported!" + fi + encoding: b64 + path: /opt/bin/health-monitor.sh + permissions: 755 + - content: + inline: + data: | + [Journal] + SystemMaxUse=5G + encoding: b64 + path: /etc/systemd/journald.conf.d/max_disk_use.conf + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + set -euo pipefail + + modprobe ip_vs + modprobe ip_vs_rr + modprobe ip_vs_wrr + modprobe ip_vs_sh + + if modinfo nf_conntrack_ipv4 &> /dev/null; then + modprobe nf_conntrack_ipv4 + else + modprobe nf_conntrack + fi + encoding: b64 + path: /opt/load-kernel-modules.sh + permissions: 755 + - content: + inline: + data: | + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 + kernel.panic_on_oops = 1 + kernel.panic = 10 + net.ipv4.ip_forward = 1 + vm.overcommit_memory = 1 + fs.inotify.max_user_watches = 1048576 + fs.inotify.max_user_instances = 8192 + encoding: b64 + path: /etc/sysctl.d/k8s.conf + permissions: 644 + - content: + inline: + data: | + # Added by kubermatic machine-controller + # Enable cgroups memory and swap accounting + GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1" + encoding: b64 + path: /etc/default/grub.d/60-swap-accounting.cfg + permissions: 644 + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + if systemctl is-active ufw; then systemctl stop ufw; fi + systemctl mask ufw + systemctl restart systemd-modules-load.service + sysctl --system + + apt-get update + + DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -y \ + curl \ + ca-certificates \ + ceph-common \ + cifs-utils \ + conntrack \ + e2fsprogs \ + ebtables \ + ethtool \ + glusterfs-client \ + iptables \ + jq \ + kmod \ + openssh-client \ + nfs-common \ + socat \ + util-linux \ + ipvsadm + apt-get update + apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - + add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + + apt-get install --allow-downgrades -y \ + containerd.io=1.5* \ + docker-ce-cli=5:19.03* \ + docker-ce=5:19.03* + apt-mark hold docker-ce* containerd.io + + systemctl daemon-reload + systemctl enable --now docker + + opt_bin=/opt/bin + usr_local_bin=/usr/local/bin + cni_bin_dir=/opt/cni/bin + mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir" + mkdir -p /etc/kubernetes/dynamic-config-dir + arch=${HOST_ARCH-} + if [ -z "$arch" ] + then + case $(uname -m) in + x86_64) + arch="amd64" + ;; + aarch64) + arch="arm64" + ;; + *) + echo "unsupported CPU architecture, exiting" + exit 1 + ;; + esac + fi + CNI_VERSION="${CNI_VERSION:-v0.8.7}" + cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION" + cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz" + curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename" + cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256") + cd "$cni_bin_dir" + sha256sum -c <<<"$cni_sum" + tar xvf "$cni_filename" + rm -f "$cni_filename" + cd - + CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.22.0}" + cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}" + cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz" + curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename" + cri_tools_sum=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256" | sed 's/\*\///') + cd "$opt_bin" + sha256sum -c <<<"$cri_tools_sum" + tar xvf "$cri_tools_filename" + rm -f "$cri_tools_filename" + ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped" + cd - + KUBE_VERSION="${KUBE_VERSION:-v1.22.2}" + kube_dir="$opt_bin/kubernetes-$KUBE_VERSION" + kube_base_url="https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$arch" + kube_sum_file="$kube_dir/sha256" + mkdir -p "$kube_dir" + : >"$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin" + chmod +x "$kube_dir/$bin" + sum=$(curl -Lf "$kube_base_url/$bin.sha256") + echo "$sum $kube_dir/$bin" >>"$kube_sum_file" + done + sha256sum -c "$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + ln -sf "$kube_dir/$bin" "$opt_bin"/$bin + done + + # set kubelet nodeip environment variable + /opt/bin/setup_net_env.sh + + systemctl enable --now kubelet + systemctl enable --now --no-block kubelet-healthcheck.service + encoding: b64 + path: /opt/bin/setup + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + while ! "$@"; do + sleep 1 + done + encoding: b64 + path: /opt/bin/supervise.sh + permissions: 755 + - content: + inline: + data: | + [Unit] + After=docker.service + Requires=docker.service + + Description=kubelet: The Kubernetes Node Agent + Documentation=https://kubernetes.io/docs/home/ + + [Service] + User=root + Restart=always + StartLimitInterval=0 + RestartSec=10 + CPUAccounting=true + MemoryAccounting=true + + Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/" + EnvironmentFile=-/etc/environment + + ExecStartPre=/bin/bash /opt/disable-swap.sh + ExecStartPre=/bin/bash /opt/load-kernel-modules.sh + ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh + ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \ + --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \ + --kubeconfig=/var/lib/kubelet/kubeconfig \ + --config=/etc/kubernetes/kubelet.conf \ + --network-plugin=cni \ + --cert-dir=/etc/kubernetes/pki \ + --cloud-provider=aws \ + --cloud-config=/etc/kubernetes/cloud-config \ + --dynamic-config-dir=/etc/kubernetes/dynamic-config-dir \ + --feature-gates=DynamicKubeletConfig=true \ + --exit-on-lock-contention \ + --lock-file=/tmp/kubelet.lock \ + --container-runtime=docker \ + --container-runtime-endpoint=unix:///var/run/dockershim.sock \ + --node-ip ${KUBELET_NODE_IP} + + [Install] + WantedBy=multi-user.target + encoding: b64 + path: /etc/systemd/system/kubelet.service + permissions: 644 + - content: + inline: + data: | + [Service] + Environment="KUBELET_EXTRA_ARGS=--resolv-conf=/run/systemd/resolve/resolv.conf" + encoding: b64 + path: /etc/systemd/system/kubelet.service.d/extras.conf + permissions: 644 + - content: + inline: + data: |+ + [global] + Zone="eu-central-1b" + VPC="e-123f" + SubnetID="test-subnet" + + encoding: b64 + path: /etc/kubernetes/cloud-config + permissions: 600 + - content: + inline: + data: | + #!/usr/bin/env bash + echodate() { + echo "[$(date -Is)]" "$@" + } + + # get the default interface IP address + DEFAULT_IFC_IP=$(ip -o route get 1 | grep -oP "src \K\S+") + + if [ -z "${DEFAULT_IFC_IP}" ] + then + echodate "Failed to get IP address for the default route interface" + exit 1 + fi + + + # get the full hostname + FULL_HOSTNAME=$(hostname -f) + # if /etc/hostname is not empty then use the hostname from there + if [ -s /etc/hostname ]; then + FULL_HOSTNAME=$(cat /etc/hostname) + fi + + # write the nodeip_env file + # we need the line below because flatcar has the same string "coreos" in that file + if grep -q coreos /etc/os-release + then + echo "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf + elif [ ! -d /etc/systemd/system/kubelet.service.d ] + then + echodate "Can't find kubelet service extras directory" + exit 1 + else + echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf + fi + encoding: b64 + path: /opt/bin/setup_net_env.sh + permissions: 755 + - content: + inline: + data: | + -----BEGIN CERTIFICATE----- + MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV + BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG + A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3 + DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0 + NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG + cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv + c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS + R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT + ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk + JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3 + mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW + caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G + A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt + hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB + MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES + MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv + bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h + U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao + eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4 + UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD + 58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n + sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF + kPe6XoSbiLm/kxk32T0= + -----END CERTIFICATE----- + encoding: b64 + path: /etc/kubernetes/pki/ca.crt + permissions: 644 + - content: + inline: + data: |+ + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHRENDQWdDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREE5TVRzd09RWURWUVFERXpKeWIyOTAKTFdOaExuUTNjV3R4ZURWeGRDNWxkWEp2Y0dVdGQyVnpkRE10WXk1a1pYWXVhM1ZpWlhKdFlYUnBZeTVwYnpBZQpGdzB4T0RBeU1ERXhNelUyTURoYUZ3MHlPREF4TXpBeE16VTJNRGhhTUQweE96QTVCZ05WQkFNVE1uSnZiM1F0ClkyRXVkRGR4YTNGNE5YRjBMbVYxY205d1pTMTNaWE4wTXkxakxtUmxkaTVyZFdKbGNtMWhkR2xqTG1sdk1JSUIKSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXA2SDZWNTZiWUh2Q2V6TGtyZkl6TTgxYgppbzcvWmF3L0xLRXcwZUYrTE12NEUrL1EvZkZoc0hDK21oZUxnMUhXVVBGUFJrNFBRODVtQS80dGppbWpTUEZECms2U0ltektGTFlRZ3dDZ2dpVzhOMmhPKzl6ckJVQUxKRkdCNjRvT2NiQmo2RXIvK05sUEdJM1JSV1dkaUVUV0YKV1lDNGpmSmpiRjVQYnl5WEhuc0dmdFNOWVpCTDcxVzdoOWpMV3B5VVdLTDZaWUFOd0RPTjJSYnA3dHB1dzBYNgprayswQVZ3VnprMzArTU56bWY1MHF3K284MThiZkxVRGthTk1mTFM2STB3UW03UkdnK01nVlJEeTNDdVlxZklXClkyeng2YzdQcXpGc1ZWZklyYTBiMHFhdE5sMVhIajh0K0dOcWRiaTIvRlFqQ3hpbFROdW50VDN2eTJlT0hRSUQKQVFBQm95TXdJVEFPQmdOVkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRwo5dzBCQVFzRkFBT0NBUUVBSW1FbklYVjNEeW1DcTlxUDdwK3VKNTV1Zlhka1IyZ2hEVVlyVFRjUHdqUjJqVEhhCmlaQStnOG42UXJVb0NENnN6RytsaGFsN2hQNnhkV3VSalhGSE83Yk52NjNJcUVHelJEZ3c1Z3djcVVUWkV2d2cKZ216NzU5dy9hRmYxVjEyaDFhZlBtQTlFRzVOZEh4c3g5QWxIK0Y2dHlzcHBXaFU4WEVRVUFLQ1BqbndVbUs0cAo3Z3ZUWnIyeno0bndoWm8zTDg5MDNxcHRjcTFsWjRPWXNEb1hvbDF1emFRSDgyeHl3ZVNLQ0tYcE9iaXplNVowCndwbmpkRHVIODd4NHI0TGpNWnB1M3ZYNkxqQkRNUFdrSEhQTjVBaW0xSkx0Ny9STFBnVHRqc0pNclRBUzdoZ1oKZktMTDlRTVFsNnMxckhKNEtrL2U3S0c4SEE0aEVORWhrOVlEZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server: https://foo.bar:6443 + name: c + contexts: + - context: + cluster: c + user: c + name: c + current-context: c + kind: Config + preferences: {} + users: + - name: c + user: + token: test.test + + encoding: b64 + path: /etc/kubernetes/bootstrap-kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + + [Service] + Type=oneshot + RemainAfterExit=true + EnvironmentFile=-/etc/environment + ExecStart=/opt/bin/supervise.sh /opt/bin/setup + encoding: b64 + path: /etc/systemd/system/setup.service + permissions: 644 + - content: + inline: + data: | + export PATH="/opt/bin:$PATH" + encoding: b64 + path: /etc/profile.d/opt-bin-path.sh + permissions: 644 + - content: + inline: + data: | + apiVersion: kubelet.config.k8s.io/v1beta1 + kind: KubeletConfiguration + authentication: + anonymous: + enabled: false + webhook: + enabled: true + x509: + clientCAFile: /etc/kubernetes/pki/ca.crt + authorization: + mode: Webhook + cgroupDriver: systemd + clusterDNS: + - "10.0.0.0" + clusterDomain: cluster.local + featureGates: + GracefulNodeShutdown: true + IdentifyPodOS: false + protectKernelDefaults: true + readOnlyPort: 0 + rotateCertificates: true + serverTLSBootstrap: true + staticPodPath: /etc/kubernetes/manifests + kubeReserved: + cpu: 30m + ephemeral-storage: 30Gi + systemReserved: + cpu: 30m + ephemeral-storage: 30Gi + evictionHard: + memory.available: 30Mi + maxPods: 110 + tlsCipherSuites: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + volumePluginDir: /var/lib/kubelet/volumeplugins + encoding: b64 + path: /etc/kubernetes/kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/opt/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + encoding: b64 + path: /etc/systemd/system/kubelet-healthcheck.service + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + set -euo pipefail + + # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud + # providers swap gets enabled on reboot or after the setup script has finished executing. + sed -i.orig '/.*swap.*/d' /etc/fstab + swapoff -a + encoding: b64 + path: /opt/disable-swap.sh + permissions: 755 + - content: + inline: + data: | + [Service] + Restart=always + EnvironmentFile=-/etc/environment + path: /etc/systemd/system/containerd.service.d/environment.conf + permissions: 644 + - content: + inline: + data: | + [Service] + Restart=always + EnvironmentFile=-/etc/environment + path: /etc/systemd/system/docker.service.d/environment.conf + permissions: 644 + - content: + inline: + data: '{"exec-opts":["native.cgroupdriver=systemd"],"storage-driver":"overlay2","log-driver":"json-file","log-opts":{"max-file":"30","max-size":"300m"},"insecure-registries":["192.168.100.100:5000","10.0.0.1:5000"],"registry-mirrors":["https://registry.docker-cn.com"]}' + encoding: b64 + path: /etc/docker/daemon.json + permissions: 644 + - content: + inline: + data: "" + encoding: b64 + path: /root/.docker/config.json + permissions: 600 + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c diff --git a/pkg/controllers/osc/testdata/osc-rhel-8.x-azure-containerd.yaml b/pkg/controllers/osc/testdata/osc-rhel-8.x-azure-containerd.yaml index e69de29b..4c95cb3c 100644 --- a/pkg/controllers/osc/testdata/osc-rhel-8.x-azure-containerd.yaml +++ b/pkg/controllers/osc/testdata/osc-rhel-8.x-azure-containerd.yaml @@ -0,0 +1,677 @@ +apiVersion: operatingsystemmanager.k8c.io/v1alpha1 +kind: OperatingSystemConfig +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: osp-rhel-azure-kube-system-config + namespace: kube-system + resourceVersion: "1" +spec: + bootstrapConfig: + files: + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + + yum install -y curl jq + + curl -s -k -v --header 'Authorization: Bearer top-secret' https://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/osp-rhel-azure-kube-system-provisioning-config | jq '.data["cloud-config"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/osp-rhel-azure-kube-system-provisioning-config.cfg + cloud-init clean + cloud-init --file /etc/cloud/cloud.cfg.d/osp-rhel-azure-kube-system-provisioning-config.cfg init + systemctl daemon-reload + systemctl restart setup.service + encoding: b64 + path: /opt/bin/bootstrap + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + [Service] + Type=oneshot + RemainAfterExit=true + ExecStart=/opt/bin/bootstrap + encoding: b64 + path: /etc/systemd/system/bootstrap.service + permissions: 644 + modules: + rh_subscription: + auto-attach: "false" + password: "" + username: "" + runcmd: + - systemctl restart bootstrap.service + - systemctl daemon-reload + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c + cloudProvider: + name: azure + spec: + securityGroupName: fake-sg + osName: rhel + osVersion: "8.5" + provisioningConfig: + files: + - content: + inline: + data: | + #!/usr/bin/env bash + + # Copyright 2016 The Kubernetes Authors. + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + # This script is for master and node instance health monitoring, which is + # packed in kube-manifest tarball. It is executed through a systemd service + # in cluster/gce/gci/.yaml. The env variables come from an env + # file provided by the systemd service. + + # This script is a slightly adjusted version of + # https://github.com/kubernetes/kubernetes/blob/e1a1aa211224fcd9b213420b80b2ae680669683d/cluster/gce/gci/health-monitor.sh + # Adjustments are: + # * Kubelet health port is 10248 not 10255 + # * Removal of all all references to the KUBE_ENV file + + set -o nounset + set -o pipefail + + # We simply kill the process when there is a failure. Another systemd service will + # automatically restart the process. + function container_runtime_monitoring() { + local -r max_attempts=5 + local attempt=1 + local -r container_runtime_name="${CONTAINER_RUNTIME_NAME:-docker}" + # We still need to use 'docker ps' when container runtime is "docker". This is because + # dockershim is still part of kubelet today. When kubelet is down, crictl pods + # will also fail, and docker will be killed. This is undesirable especially when + # docker live restore is disabled. + local healthcheck_command="docker ps" + if [[ "${CONTAINER_RUNTIME:-docker}" != "docker" ]]; then + healthcheck_command="crictl pods" + fi + # Container runtime startup takes time. Make initial attempts before starting + # killing the container runtime. + until timeout 60 ${healthcheck_command} > /dev/null; do + if ((attempt == max_attempts)); then + echo "Max attempt ${max_attempts} reached! Proceeding to monitor container runtime healthiness." + break + fi + echo "$attempt initial attempt \"${healthcheck_command}\"! Trying again in $attempt seconds..." + sleep "$((2 ** attempt++))" + done + while true; do + if ! timeout 60 ${healthcheck_command} > /dev/null; then + echo "Container runtime ${container_runtime_name} failed!" + if [[ "$container_runtime_name" == "docker" ]]; then + # Dump stack of docker daemon for investigation. + # Log file name looks like goroutine-stacks-TIMESTAMP and will be saved to + # the exec root directory, which is /var/run/docker/ on Ubuntu and COS. + pkill -SIGUSR1 dockerd + fi + systemctl kill --kill-who=main "${container_runtime_name}" + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 120 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + function kubelet_monitoring() { + echo "Wait for 2 minutes for kubelet to be functional" + sleep 120 + local -r max_seconds=10 + local output="" + while true; do + local failed=false + + if journalctl -u kubelet -n 1 | grep -q "use of closed network connection"; then + failed=true + echo "Kubelet stopped posting node status. Restarting" + elif ! output=$(curl -m "${max_seconds}" -f -s -S http://127.0.0.1:10248/healthz 2>&1); then + failed=true + # Print the response and/or errors. + echo "$output" + fi + + if [[ "$failed" == "true" ]]; then + echo "Kubelet is unhealthy!" + systemctl kill kubelet + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 60 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + ############## Main Function ################ + if [[ "$#" -ne 1 ]]; then + echo "Usage: health-monitor.sh " + exit 1 + fi + + SLEEP_SECONDS=10 + component=$1 + echo "Start kubernetes health monitoring for ${component}" + if [[ "${component}" == "container-runtime" ]]; then + container_runtime_monitoring + elif [[ "${component}" == "kubelet" ]]; then + kubelet_monitoring + else + echo "Health monitoring for component ${component} is not supported!" + fi + encoding: b64 + path: /opt/bin/health-monitor.sh + permissions: 755 + - content: + inline: + data: | + [Journal] + SystemMaxUse=5G + encoding: b64 + path: /etc/systemd/journald.conf.d/max_disk_use.conf + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + set -euo pipefail + + modprobe ip_tables + modprobe ip_vs + modprobe ip_vs_rr + modprobe ip_vs_wrr + modprobe ip_vs_sh + + if modinfo nf_conntrack_ipv4 &> /dev/null; then + modprobe nf_conntrack_ipv4 + else + modprobe nf_conntrack + fi + encoding: b64 + path: /opt/load-kernel-modules.sh + permissions: 755 + - content: + inline: + data: | + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 + kernel.panic_on_oops = 1 + kernel.panic = 10 + net.ipv4.ip_forward = 1 + vm.overcommit_memory = 1 + fs.inotify.max_user_watches = 1048576 + fs.inotify.max_user_instances = 8192 + encoding: b64 + path: /etc/sysctl.d/k8s.conf + permissions: 644 + - content: + inline: + data: | + # This file controls the state of SELinux on the system. + # SELINUX= can take one of these three values: + # enforcing - SELinux security policy is enforced. + # permissive - SELinux prints warnings instead of enforcing. + # disabled - No SELinux policy is loaded. + SELINUX=permissive + # SELINUXTYPE= can take one of three two values: + # targeted - Targeted processes are protected, + # minimum - Modification of targeted policy. Only selected processes are protected. + # mls - Multi Level Security protection. + SELINUXTYPE=targeted + encoding: b64 + path: /etc/selinux/config + permissions: 644 + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + + setenforce 0 || true + systemctl restart systemd-modules-load.service + sysctl --system + + yum install -y \ + device-mapper-persistent-data \ + lvm2 \ + ebtables \ + ethtool \ + nfs-utils \ + bash-completion \ + sudo \ + socat \ + wget \ + curl \ + ipvsadm + + systemctl disable --now firewalld || true + yum install -y yum-utils + yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo + yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true + + yum install -y containerd.io-1.5* yum-plugin-versionlock + yum versionlock add containerd.io + + systemctl daemon-reload + systemctl enable --now containerd + + opt_bin=/opt/bin + usr_local_bin=/usr/local/bin + cni_bin_dir=/opt/cni/bin + mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir" + mkdir -p /etc/kubernetes/dynamic-config-dir + arch=${HOST_ARCH-} + if [ -z "$arch" ] + then + case $(uname -m) in + x86_64) + arch="amd64" + ;; + aarch64) + arch="arm64" + ;; + *) + echo "unsupported CPU architecture, exiting" + exit 1 + ;; + esac + fi + CNI_VERSION="${CNI_VERSION:-v0.8.7}" + cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION" + cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz" + curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename" + cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256") + cd "$cni_bin_dir" + sha256sum -c <<<"$cni_sum" + tar xvf "$cni_filename" + rm -f "$cni_filename" + cd - + CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.22.0}" + cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}" + cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz" + curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename" + cri_tools_sum=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256" | sed 's/\*\///') + cd "$opt_bin" + sha256sum -c <<<"$cri_tools_sum" + tar xvf "$cri_tools_filename" + rm -f "$cri_tools_filename" + ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped" + cd - + KUBE_VERSION="${KUBE_VERSION:-v1.22.2}" + kube_dir="$opt_bin/kubernetes-$KUBE_VERSION" + kube_base_url="https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$arch" + kube_sum_file="$kube_dir/sha256" + mkdir -p "$kube_dir" + : >"$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin" + chmod +x "$kube_dir/$bin" + sum=$(curl -Lf "$kube_base_url/$bin.sha256") + echo "$sum $kube_dir/$bin" >>"$kube_sum_file" + done + sha256sum -c "$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + ln -sf "$kube_dir/$bin" "$opt_bin"/$bin + done + + DEFAULT_IFC_NAME=$(ip -o route get 1 | grep -oP "dev \K\S+") + + # enable DHCPv6 on the default interface + echo NETWORKING_IPV6=yes >> /etc/sysconfig/network + echo IPV6INIT=yes >> /etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME + echo DHCPV6C=yes >> /etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME + ifdown $DEFAULT_IFC_NAME && ifup $DEFAULT_IFC_NAME + + mkdir -p /etc/systemd/system/kubelet.service.d/ + # set kubelet nodeip environment variable + /opt/bin/setup_net_env.sh + + systemctl enable --now kubelet + systemctl enable --now --no-block kubelet-healthcheck.service + encoding: b64 + path: /opt/bin/setup + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + while ! "$@"; do + sleep 1 + done + encoding: b64 + path: /opt/bin/supervise.sh + permissions: 755 + - content: + inline: + data: | + [Unit] + After=containerd.service + Requires=containerd.service + + Description=kubelet: The Kubernetes Node Agent + Documentation=https://kubernetes.io/docs/home/ + + [Service] + User=root + Restart=always + StartLimitInterval=0 + RestartSec=10 + CPUAccounting=true + MemoryAccounting=true + + Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/" + EnvironmentFile=-/etc/environment + + ExecStartPre=/bin/bash /opt/disable-swap.sh + ExecStartPre=/bin/bash /opt/load-kernel-modules.sh + ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh + ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \ + --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \ + --kubeconfig=/var/lib/kubelet/kubeconfig \ + --config=/etc/kubernetes/kubelet.conf \ + --network-plugin=cni \ + --cert-dir=/etc/kubernetes/pki \ + --cloud-provider=azure \ + --cloud-config=/etc/kubernetes/cloud-config \ + --hostname-override=${KUBELET_HOSTNAME} \ + --dynamic-config-dir=/etc/kubernetes/dynamic-config-dir \ + --feature-gates=DynamicKubeletConfig=true \ + --exit-on-lock-contention \ + --lock-file=/tmp/kubelet.lock \ + --container-runtime=remote \ + --container-runtime-endpoint=unix:///run/containerd/containerd.sock \ + --node-ip ${KUBELET_NODE_IP} + + [Install] + WantedBy=multi-user.target + encoding: b64 + path: /etc/systemd/system/kubelet.service + permissions: 644 + - content: + inline: + data: | + {"cloud":"AZUREPUBLICCLOUD","tenantId":"","subscriptionId":"","aadClientId":"","aadClientSecret":"","resourceGroup":"","location":"","vnetName":"","subnetName":"","routeTableName":"","securityGroupName":"fake-sg","primaryAvailabilitySetName":"","vnetResourceGroup":"","useInstanceMetadata":true,"loadBalancerSku":""} + encoding: b64 + path: /etc/kubernetes/cloud-config + permissions: 600 + - content: + inline: + data: | + #!/usr/bin/env bash + echodate() { + echo "[$(date -Is)]" "$@" + } + + # get the default interface IP address + DEFAULT_IFC_IP=$(ip -o route get 1 | grep -oP "src \K\S+") + + if [ -z "${DEFAULT_IFC_IP}" ] + then + echodate "Failed to get IP address for the default route interface" + exit 1 + fi + + # get the full hostname + FULL_HOSTNAME=$(hostname -f) + # if /etc/hostname is not empty then use the hostname from there + if [ -s /etc/hostname ]; then + FULL_HOSTNAME=$(cat /etc/hostname) + fi + + # write the nodeip_env file + # we need the line below because flatcar has the same string "coreos" in that file + if grep -q coreos /etc/os-release + then + echo "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf + elif [ ! -d /etc/systemd/system/kubelet.service.d ] + then + echodate "Can't find kubelet service extras directory" + exit 1 + else + echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf + fi + encoding: b64 + path: /opt/bin/setup_net_env.sh + permissions: 755 + - content: + inline: + data: | + -----BEGIN CERTIFICATE----- + MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV + BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG + A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3 + DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0 + NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG + cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv + c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS + R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT + ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk + JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3 + mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW + caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G + A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt + hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB + MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES + MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv + bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h + U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao + eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4 + UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD + 58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n + sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF + kPe6XoSbiLm/kxk32T0= + -----END CERTIFICATE----- + encoding: b64 + path: /etc/kubernetes/pki/ca.crt + permissions: 644 + - content: + inline: + data: |+ + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHRENDQWdDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREE5TVRzd09RWURWUVFERXpKeWIyOTAKTFdOaExuUTNjV3R4ZURWeGRDNWxkWEp2Y0dVdGQyVnpkRE10WXk1a1pYWXVhM1ZpWlhKdFlYUnBZeTVwYnpBZQpGdzB4T0RBeU1ERXhNelUyTURoYUZ3MHlPREF4TXpBeE16VTJNRGhhTUQweE96QTVCZ05WQkFNVE1uSnZiM1F0ClkyRXVkRGR4YTNGNE5YRjBMbVYxY205d1pTMTNaWE4wTXkxakxtUmxkaTVyZFdKbGNtMWhkR2xqTG1sdk1JSUIKSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXA2SDZWNTZiWUh2Q2V6TGtyZkl6TTgxYgppbzcvWmF3L0xLRXcwZUYrTE12NEUrL1EvZkZoc0hDK21oZUxnMUhXVVBGUFJrNFBRODVtQS80dGppbWpTUEZECms2U0ltektGTFlRZ3dDZ2dpVzhOMmhPKzl6ckJVQUxKRkdCNjRvT2NiQmo2RXIvK05sUEdJM1JSV1dkaUVUV0YKV1lDNGpmSmpiRjVQYnl5WEhuc0dmdFNOWVpCTDcxVzdoOWpMV3B5VVdLTDZaWUFOd0RPTjJSYnA3dHB1dzBYNgprayswQVZ3VnprMzArTU56bWY1MHF3K284MThiZkxVRGthTk1mTFM2STB3UW03UkdnK01nVlJEeTNDdVlxZklXClkyeng2YzdQcXpGc1ZWZklyYTBiMHFhdE5sMVhIajh0K0dOcWRiaTIvRlFqQ3hpbFROdW50VDN2eTJlT0hRSUQKQVFBQm95TXdJVEFPQmdOVkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRwo5dzBCQVFzRkFBT0NBUUVBSW1FbklYVjNEeW1DcTlxUDdwK3VKNTV1Zlhka1IyZ2hEVVlyVFRjUHdqUjJqVEhhCmlaQStnOG42UXJVb0NENnN6RytsaGFsN2hQNnhkV3VSalhGSE83Yk52NjNJcUVHelJEZ3c1Z3djcVVUWkV2d2cKZ216NzU5dy9hRmYxVjEyaDFhZlBtQTlFRzVOZEh4c3g5QWxIK0Y2dHlzcHBXaFU4WEVRVUFLQ1BqbndVbUs0cAo3Z3ZUWnIyeno0bndoWm8zTDg5MDNxcHRjcTFsWjRPWXNEb1hvbDF1emFRSDgyeHl3ZVNLQ0tYcE9iaXplNVowCndwbmpkRHVIODd4NHI0TGpNWnB1M3ZYNkxqQkRNUFdrSEhQTjVBaW0xSkx0Ny9STFBnVHRqc0pNclRBUzdoZ1oKZktMTDlRTVFsNnMxckhKNEtrL2U3S0c4SEE0aEVORWhrOVlEZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server: https://foo.bar:6443 + name: c + contexts: + - context: + cluster: c + user: c + name: c + current-context: c + kind: Config + preferences: {} + users: + - name: c + user: + token: test.test + + encoding: b64 + path: /etc/kubernetes/bootstrap-kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + + [Service] + Type=oneshot + RemainAfterExit=true + EnvironmentFile=-/etc/environment + ExecStart=/opt/bin/supervise.sh /opt/bin/setup + encoding: b64 + path: /etc/systemd/system/setup.service + permissions: 644 + - content: + inline: + data: | + export PATH="/opt/bin:$PATH" + encoding: b64 + path: /etc/profile.d/opt-bin-path.sh + permissions: 644 + - content: + inline: + data: | + apiVersion: kubelet.config.k8s.io/v1beta1 + kind: KubeletConfiguration + authentication: + anonymous: + enabled: false + webhook: + enabled: true + x509: + clientCAFile: /etc/kubernetes/pki/ca.crt + authorization: + mode: Webhook + cgroupDriver: systemd + clusterDNS: + - "10.0.0.0" + clusterDomain: cluster.local + containerLogMaxSize: 100Mi + containerLogMaxFiles: 5 + featureGates: + GracefulNodeShutdown: true + IdentifyPodOS: false + protectKernelDefaults: true + readOnlyPort: 0 + rotateCertificates: true + serverTLSBootstrap: true + staticPodPath: /etc/kubernetes/manifests + kubeReserved: + cpu: 200m + ephemeral-storage: 1Gi + memory: 200Mi + systemReserved: + cpu: 200m + ephemeral-storage: 1Gi + memory: 200Mi + evictionHard: + imagefs.available: 15% + memory.available: 100Mi + nodefs.available: 10% + nodefs.inodesFree: 5% + tlsCipherSuites: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + volumePluginDir: /var/lib/kubelet/volumeplugins + encoding: b64 + path: /etc/kubernetes/kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/opt/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + encoding: b64 + path: /etc/systemd/system/kubelet-healthcheck.service + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + set -euo pipefail + + # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud + # providers swap gets enabled on reboot or after the setup script has finished executing. + sed -i.orig '/.*swap.*/d' /etc/fstab + swapoff -a + encoding: b64 + path: /opt/disable-swap.sh + permissions: 755 + - content: + inline: + data: | + runtime-endpoint: unix:///run/containerd/containerd.sock + path: /etc/crictl.yaml + permissions: 644 + - content: + inline: + data: | + [Service] + Restart=always + EnvironmentFile=-/etc/environment + path: /etc/systemd/system/containerd.service.d/environment.conf + permissions: 644 + - content: + inline: + data: |+ + version = 2 + + [metrics] + address = "127.0.0.1:1338" + + [plugins] + [plugins."io.containerd.grpc.v1.cri"] + sandbox_image = "192.168.100.100:5000/kubernetes/pause:v3.1" + [plugins."io.containerd.grpc.v1.cri".containerd] + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + runtime_type = "io.containerd.runc.v2" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] + SystemdCgroup = true + [plugins."io.containerd.grpc.v1.cri".registry] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] + endpoint = ["https://registry.docker-cn.com"] + [plugins."io.containerd.grpc.v1.cri".registry.configs] + [plugins."io.containerd.grpc.v1.cri".registry.configs."10.0.0.1:5000"] + [plugins."io.containerd.grpc.v1.cri".registry.configs."10.0.0.1:5000".tls] + insecure_skip_verify = true + [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.100.100:5000"] + [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.100.100:5000".tls] + insecure_skip_verify = true + + encoding: b64 + path: /etc/containerd/config.toml + permissions: 600 + modules: + rh_subscription: + auto-attach: "false" + password: "" + username: "" + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c diff --git a/pkg/controllers/osc/testdata/osc-rhel-8.x-cloud-init-modules.yaml b/pkg/controllers/osc/testdata/osc-rhel-8.x-cloud-init-modules.yaml index e69de29b..8f184ea7 100644 --- a/pkg/controllers/osc/testdata/osc-rhel-8.x-cloud-init-modules.yaml +++ b/pkg/controllers/osc/testdata/osc-rhel-8.x-cloud-init-modules.yaml @@ -0,0 +1,662 @@ +apiVersion: operatingsystemmanager.k8c.io/v1alpha1 +kind: OperatingSystemConfig +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: osp-rhel-aws-kube-system-config + namespace: kube-system + resourceVersion: "1" +spec: + bootstrapConfig: + files: + - content: + inline: + data: "#!/bin/bash\nset -xeuo pipefail\n\nexport DEBIAN_FRONTEND=noninteractive\napt + update && apt install -y curl jq\ncurl -s -k -v --header 'Authorization: + Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/osp-rhel-aws-kube-system-provisioning-config + | jq '.data[\"cloud-config\"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/osp-rhel-aws-kube-system-provisioning-config.cfg\ncloud-init + clean\ncloud-init --file /etc/cloud/cloud.cfg.d/osp-rhel-aws-kube-system-provisioning-config.cfg + init\nsystemctl daemon-reload\n\nsystemctl restart setup.service\n" + encoding: b64 + path: /opt/bin/bootstrap + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + [Service] + Type=oneshot + RemainAfterExit=true + ExecStart=/opt/bin/bootstrap + encoding: b64 + path: /etc/systemd/system/bootstrap.service + permissions: 644 + modules: + rh_subscription: + auto-attach: "false" + password: "" + username: "" + runcmd: + - systemctl restart bootstrap.service + - systemctl daemon-reload + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c + cloudProvider: + name: aws + spec: + availabilityZone: eu-central-1b + subnetID: test-subnet + vpcId: e-123f + osName: rhel + osVersion: "8.5" + provisioningConfig: + files: + - content: + inline: + data: | + #!/usr/bin/env bash + + # Copyright 2016 The Kubernetes Authors. + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + # This script is for master and node instance health monitoring, which is + # packed in kube-manifest tarball. It is executed through a systemd service + # in cluster/gce/gci/.yaml. The env variables come from an env + # file provided by the systemd service. + + # This script is a slightly adjusted version of + # https://github.com/kubernetes/kubernetes/blob/e1a1aa211224fcd9b213420b80b2ae680669683d/cluster/gce/gci/health-monitor.sh + # Adjustments are: + # * Kubelet health port is 10248 not 10255 + # * Removal of all all references to the KUBE_ENV file + + set -o nounset + set -o pipefail + + # We simply kill the process when there is a failure. Another systemd service will + # automatically restart the process. + function container_runtime_monitoring() { + local -r max_attempts=5 + local attempt=1 + local -r container_runtime_name="${CONTAINER_RUNTIME_NAME:-docker}" + # We still need to use 'docker ps' when container runtime is "docker". This is because + # dockershim is still part of kubelet today. When kubelet is down, crictl pods + # will also fail, and docker will be killed. This is undesirable especially when + # docker live restore is disabled. + local healthcheck_command="docker ps" + if [[ "${CONTAINER_RUNTIME:-docker}" != "docker" ]]; then + healthcheck_command="crictl pods" + fi + # Container runtime startup takes time. Make initial attempts before starting + # killing the container runtime. + until timeout 60 ${healthcheck_command} > /dev/null; do + if ((attempt == max_attempts)); then + echo "Max attempt ${max_attempts} reached! Proceeding to monitor container runtime healthiness." + break + fi + echo "$attempt initial attempt \"${healthcheck_command}\"! Trying again in $attempt seconds..." + sleep "$((2 ** attempt++))" + done + while true; do + if ! timeout 60 ${healthcheck_command} > /dev/null; then + echo "Container runtime ${container_runtime_name} failed!" + if [[ "$container_runtime_name" == "docker" ]]; then + # Dump stack of docker daemon for investigation. + # Log file name looks like goroutine-stacks-TIMESTAMP and will be saved to + # the exec root directory, which is /var/run/docker/ on Ubuntu and COS. + pkill -SIGUSR1 dockerd + fi + systemctl kill --kill-who=main "${container_runtime_name}" + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 120 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + function kubelet_monitoring() { + echo "Wait for 2 minutes for kubelet to be functional" + sleep 120 + local -r max_seconds=10 + local output="" + while true; do + local failed=false + + if journalctl -u kubelet -n 1 | grep -q "use of closed network connection"; then + failed=true + echo "Kubelet stopped posting node status. Restarting" + elif ! output=$(curl -m "${max_seconds}" -f -s -S http://127.0.0.1:10248/healthz 2>&1); then + failed=true + # Print the response and/or errors. + echo "$output" + fi + + if [[ "$failed" == "true" ]]; then + echo "Kubelet is unhealthy!" + systemctl kill kubelet + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 60 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + ############## Main Function ################ + if [[ "$#" -ne 1 ]]; then + echo "Usage: health-monitor.sh " + exit 1 + fi + + SLEEP_SECONDS=10 + component=$1 + echo "Start kubernetes health monitoring for ${component}" + if [[ "${component}" == "container-runtime" ]]; then + container_runtime_monitoring + elif [[ "${component}" == "kubelet" ]]; then + kubelet_monitoring + else + echo "Health monitoring for component ${component} is not supported!" + fi + encoding: b64 + path: /opt/bin/health-monitor.sh + permissions: 755 + - content: + inline: + data: | + [Journal] + SystemMaxUse=5G + encoding: b64 + path: /etc/systemd/journald.conf.d/max_disk_use.conf + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + set -euo pipefail + + modprobe ip_tables + modprobe ip_vs + modprobe ip_vs_rr + modprobe ip_vs_wrr + modprobe ip_vs_sh + + if modinfo nf_conntrack_ipv4 &> /dev/null; then + modprobe nf_conntrack_ipv4 + else + modprobe nf_conntrack + fi + encoding: b64 + path: /opt/load-kernel-modules.sh + permissions: 755 + - content: + inline: + data: | + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 + kernel.panic_on_oops = 1 + kernel.panic = 10 + net.ipv4.ip_forward = 1 + vm.overcommit_memory = 1 + fs.inotify.max_user_watches = 1048576 + fs.inotify.max_user_instances = 8192 + encoding: b64 + path: /etc/sysctl.d/k8s.conf + permissions: 644 + - content: + inline: + data: | + # This file controls the state of SELinux on the system. + # SELINUX= can take one of these three values: + # enforcing - SELinux security policy is enforced. + # permissive - SELinux prints warnings instead of enforcing. + # disabled - No SELinux policy is loaded. + SELINUX=permissive + # SELINUXTYPE= can take one of three two values: + # targeted - Targeted processes are protected, + # minimum - Modification of targeted policy. Only selected processes are protected. + # mls - Multi Level Security protection. + SELINUXTYPE=targeted + encoding: b64 + path: /etc/selinux/config + permissions: 644 + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + + setenforce 0 || true + systemctl restart systemd-modules-load.service + sysctl --system + + yum install -y \ + device-mapper-persistent-data \ + lvm2 \ + ebtables \ + ethtool \ + nfs-utils \ + bash-completion \ + sudo \ + socat \ + wget \ + curl \ + ipvsadm + + systemctl disable --now firewalld || true + yum install -y yum-utils + yum-config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo + yum-config-manager --save --setopt=docker-ce-stable.module_hotfixes=true + + yum install -y containerd.io-1.5* yum-plugin-versionlock + yum versionlock add containerd.io + + systemctl daemon-reload + systemctl enable --now containerd + + opt_bin=/opt/bin + usr_local_bin=/usr/local/bin + cni_bin_dir=/opt/cni/bin + mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir" + mkdir -p /etc/kubernetes/dynamic-config-dir + arch=${HOST_ARCH-} + if [ -z "$arch" ] + then + case $(uname -m) in + x86_64) + arch="amd64" + ;; + aarch64) + arch="arm64" + ;; + *) + echo "unsupported CPU architecture, exiting" + exit 1 + ;; + esac + fi + CNI_VERSION="${CNI_VERSION:-v0.8.7}" + cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION" + cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz" + curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename" + cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256") + cd "$cni_bin_dir" + sha256sum -c <<<"$cni_sum" + tar xvf "$cni_filename" + rm -f "$cni_filename" + cd - + CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.22.0}" + cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}" + cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz" + curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename" + cri_tools_sum=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256" | sed 's/\*\///') + cd "$opt_bin" + sha256sum -c <<<"$cri_tools_sum" + tar xvf "$cri_tools_filename" + rm -f "$cri_tools_filename" + ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped" + cd - + KUBE_VERSION="${KUBE_VERSION:-v1.22.2}" + kube_dir="$opt_bin/kubernetes-$KUBE_VERSION" + kube_base_url="https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$arch" + kube_sum_file="$kube_dir/sha256" + mkdir -p "$kube_dir" + : >"$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin" + chmod +x "$kube_dir/$bin" + sum=$(curl -Lf "$kube_base_url/$bin.sha256") + echo "$sum $kube_dir/$bin" >>"$kube_sum_file" + done + sha256sum -c "$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + ln -sf "$kube_dir/$bin" "$opt_bin"/$bin + done + + DEFAULT_IFC_NAME=$(ip -o route get 1 | grep -oP "dev \K\S+") + + # enable DHCPv6 on the default interface + echo NETWORKING_IPV6=yes >> /etc/sysconfig/network + echo IPV6INIT=yes >> /etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME + echo DHCPV6C=yes >> /etc/sysconfig/network-scripts/ifcfg-$DEFAULT_IFC_NAME + ifdown $DEFAULT_IFC_NAME && ifup $DEFAULT_IFC_NAME + + mkdir -p /etc/systemd/system/kubelet.service.d/ + # set kubelet nodeip environment variable + /opt/bin/setup_net_env.sh + + systemctl enable --now kubelet + systemctl enable --now --no-block kubelet-healthcheck.service + encoding: b64 + path: /opt/bin/setup + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + while ! "$@"; do + sleep 1 + done + encoding: b64 + path: /opt/bin/supervise.sh + permissions: 755 + - content: + inline: + data: | + [Unit] + After=containerd.service + Requires=containerd.service + + Description=kubelet: The Kubernetes Node Agent + Documentation=https://kubernetes.io/docs/home/ + + [Service] + User=root + Restart=always + StartLimitInterval=0 + RestartSec=10 + CPUAccounting=true + MemoryAccounting=true + + Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/" + EnvironmentFile=-/etc/environment + + ExecStartPre=/bin/bash /opt/disable-swap.sh + ExecStartPre=/bin/bash /opt/load-kernel-modules.sh + ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh + ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \ + --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \ + --kubeconfig=/var/lib/kubelet/kubeconfig \ + --config=/etc/kubernetes/kubelet.conf \ + --network-plugin=cni \ + --cert-dir=/etc/kubernetes/pki \ + --cloud-provider=aws \ + --cloud-config=/etc/kubernetes/cloud-config \ + --dynamic-config-dir=/etc/kubernetes/dynamic-config-dir \ + --feature-gates=DynamicKubeletConfig=true \ + --exit-on-lock-contention \ + --lock-file=/tmp/kubelet.lock \ + --container-runtime=remote \ + --container-runtime-endpoint=unix:///run/containerd/containerd.sock \ + --node-ip ${KUBELET_NODE_IP} + + [Install] + WantedBy=multi-user.target + encoding: b64 + path: /etc/systemd/system/kubelet.service + permissions: 644 + - content: + inline: + data: |+ + [global] + Zone="eu-central-1b" + VPC="e-123f" + SubnetID="test-subnet" + + encoding: b64 + path: /etc/kubernetes/cloud-config + permissions: 600 + - content: + inline: + data: | + #!/usr/bin/env bash + echodate() { + echo "[$(date -Is)]" "$@" + } + + # get the default interface IP address + DEFAULT_IFC_IP=$(ip -o route get 1 | grep -oP "src \K\S+") + + if [ -z "${DEFAULT_IFC_IP}" ] + then + echodate "Failed to get IP address for the default route interface" + exit 1 + fi + + # get the full hostname + FULL_HOSTNAME=$(hostname -f) + # if /etc/hostname is not empty then use the hostname from there + if [ -s /etc/hostname ]; then + FULL_HOSTNAME=$(cat /etc/hostname) + fi + + # write the nodeip_env file + # we need the line below because flatcar has the same string "coreos" in that file + if grep -q coreos /etc/os-release + then + echo "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf + elif [ ! -d /etc/systemd/system/kubelet.service.d ] + then + echodate "Can't find kubelet service extras directory" + exit 1 + else + echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf + fi + encoding: b64 + path: /opt/bin/setup_net_env.sh + permissions: 755 + - content: + inline: + data: | + -----BEGIN CERTIFICATE----- + MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV + BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG + A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3 + DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0 + NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG + cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv + c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS + R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT + ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk + JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3 + mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW + caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G + A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt + hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB + MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES + MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv + bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h + U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao + eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4 + UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD + 58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n + sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF + kPe6XoSbiLm/kxk32T0= + -----END CERTIFICATE----- + encoding: b64 + path: /etc/kubernetes/pki/ca.crt + permissions: 644 + - content: + inline: + data: | + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + + [Service] + Type=oneshot + RemainAfterExit=true + EnvironmentFile=-/etc/environment + ExecStart=/opt/bin/supervise.sh /opt/bin/setup + encoding: b64 + path: /etc/systemd/system/setup.service + permissions: 644 + - content: + inline: + data: | + export PATH="/opt/bin:$PATH" + encoding: b64 + path: /etc/profile.d/opt-bin-path.sh + permissions: 644 + - content: + inline: + data: | + apiVersion: kubelet.config.k8s.io/v1beta1 + kind: KubeletConfiguration + authentication: + anonymous: + enabled: false + webhook: + enabled: true + x509: + clientCAFile: /etc/kubernetes/pki/ca.crt + authorization: + mode: Webhook + cgroupDriver: systemd + clusterDNS: + - "10.0.0.0" + clusterDomain: cluster.local + containerLogMaxSize: 100Mi + containerLogMaxFiles: 5 + featureGates: + GracefulNodeShutdown: true + IdentifyPodOS: false + protectKernelDefaults: true + readOnlyPort: 0 + rotateCertificates: true + serverTLSBootstrap: true + staticPodPath: /etc/kubernetes/manifests + kubeReserved: + cpu: 200m + ephemeral-storage: 1Gi + memory: 200Mi + systemReserved: + cpu: 200m + ephemeral-storage: 1Gi + memory: 200Mi + evictionHard: + imagefs.available: 15% + memory.available: 100Mi + nodefs.available: 10% + nodefs.inodesFree: 5% + tlsCipherSuites: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + volumePluginDir: /var/lib/kubelet/volumeplugins + encoding: b64 + path: /etc/kubernetes/kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/opt/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + encoding: b64 + path: /etc/systemd/system/kubelet-healthcheck.service + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + set -euo pipefail + + # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud + # providers swap gets enabled on reboot or after the setup script has finished executing. + sed -i.orig '/.*swap.*/d' /etc/fstab + swapoff -a + encoding: b64 + path: /opt/disable-swap.sh + permissions: 755 + - content: + inline: + data: | + runtime-endpoint: unix:///run/containerd/containerd.sock + path: /etc/crictl.yaml + permissions: 644 + - content: + inline: + data: | + [Service] + Restart=always + EnvironmentFile=-/etc/environment + path: /etc/systemd/system/containerd.service.d/environment.conf + permissions: 644 + - content: + inline: + data: |+ + version = 2 + + [metrics] + address = "127.0.0.1:1338" + + [plugins] + [plugins."io.containerd.grpc.v1.cri"] + sandbox_image = "192.168.100.100:5000/kubernetes/pause:v3.1" + [plugins."io.containerd.grpc.v1.cri".containerd] + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] + runtime_type = "io.containerd.runc.v2" + [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] + SystemdCgroup = true + [plugins."io.containerd.grpc.v1.cri".registry] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors] + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] + endpoint = ["https://registry.docker-cn.com"] + [plugins."io.containerd.grpc.v1.cri".registry.configs] + [plugins."io.containerd.grpc.v1.cri".registry.configs."10.0.0.1:5000"] + [plugins."io.containerd.grpc.v1.cri".registry.configs."10.0.0.1:5000".tls] + insecure_skip_verify = true + [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.100.100:5000"] + [plugins."io.containerd.grpc.v1.cri".registry.configs."192.168.100.100:5000".tls] + insecure_skip_verify = true + + encoding: b64 + path: /etc/containerd/config.toml + permissions: 600 + modules: + rh_subscription: + auto-attach: "false" + password: "" + username: "" + yum_repo_dir: /store/custom/yum.repos.d + yum_repos: + cloud-init-daily: + baseurl: https://k8c.io/osm + enabled_metadata: "1" + gpgcheck: "true" + gpgkey: https://k8c.io/osm/pubkey.gpg + name: test cloud-init yum repos + skip_if_unavailable: "true" + type: rpm-md + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c diff --git a/pkg/controllers/osc/testdata/osc-ubuntu-aws-docker.yaml b/pkg/controllers/osc/testdata/osc-ubuntu-aws-docker.yaml index e69de29b..b6c291eb 100644 --- a/pkg/controllers/osc/testdata/osc-ubuntu-aws-docker.yaml +++ b/pkg/controllers/osc/testdata/osc-ubuntu-aws-docker.yaml @@ -0,0 +1,649 @@ +apiVersion: operatingsystemmanager.k8c.io/v1alpha1 +kind: OperatingSystemConfig +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: ubuntu-aws-kube-system-config + namespace: kube-system + resourceVersion: "1" +spec: + bootstrapConfig: + files: + - content: + inline: + data: "#!/bin/bash\nset -xeuo pipefail\n\nexport DEBIAN_FRONTEND=noninteractive\napt + update && apt install -y curl jq\ncurl -s -k -v --header 'Authorization: + Bearer top-secret'\thttps://foo.bar:6443/api/v1/namespaces/cloud-init-settings/secrets/ubuntu-aws-kube-system-provisioning-config + | jq '.data[\"cloud-config\"]' -r| base64 -d > /etc/cloud/cloud.cfg.d/ubuntu-aws-kube-system-provisioning-config.cfg\ncloud-init + clean\ncloud-init --file /etc/cloud/cloud.cfg.d/ubuntu-aws-kube-system-provisioning-config.cfg + init\nsystemctl daemon-reload\n\nsystemctl restart setup.service\n" + encoding: b64 + path: /opt/bin/bootstrap + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + [Service] + Type=oneshot + RemainAfterExit=true + ExecStart=/opt/bin/bootstrap + encoding: b64 + path: /etc/systemd/system/bootstrap.service + permissions: 644 + modules: + runcmd: + - systemctl restart bootstrap.service + - systemctl daemon-reload + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c + cloudProvider: + name: aws + spec: + availabilityZone: eu-central-1b + subnetID: test-subnet + vpcId: e-123f + osName: ubuntu + osVersion: "20.04" + provisioningConfig: + files: + - content: + inline: + data: | + #!/usr/bin/env bash + + # Copyright 2016 The Kubernetes Authors. + # + # Licensed under the Apache License, Version 2.0 (the "License"); + # you may not use this file except in compliance with the License. + # You may obtain a copy of the License at + # + # http://www.apache.org/licenses/LICENSE-2.0 + # + # Unless required by applicable law or agreed to in writing, software + # distributed under the License is distributed on an "AS IS" BASIS, + # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + # See the License for the specific language governing permissions and + # limitations under the License. + + # This script is for master and node instance health monitoring, which is + # packed in kube-manifest tarball. It is executed through a systemd service + # in cluster/gce/gci/.yaml. The env variables come from an env + # file provided by the systemd service. + + # This script is a slightly adjusted version of + # https://github.com/kubernetes/kubernetes/blob/e1a1aa211224fcd9b213420b80b2ae680669683d/cluster/gce/gci/health-monitor.sh + # Adjustments are: + # * Kubelet health port is 10248 not 10255 + # * Removal of all all references to the KUBE_ENV file + + set -o nounset + set -o pipefail + + # We simply kill the process when there is a failure. Another systemd service will + # automatically restart the process. + function container_runtime_monitoring() { + local -r max_attempts=5 + local attempt=1 + local -r container_runtime_name="${CONTAINER_RUNTIME_NAME:-docker}" + # We still need to use 'docker ps' when container runtime is "docker". This is because + # dockershim is still part of kubelet today. When kubelet is down, crictl pods + # will also fail, and docker will be killed. This is undesirable especially when + # docker live restore is disabled. + local healthcheck_command="docker ps" + if [[ "${CONTAINER_RUNTIME:-docker}" != "docker" ]]; then + healthcheck_command="crictl pods" + fi + # Container runtime startup takes time. Make initial attempts before starting + # killing the container runtime. + until timeout 60 ${healthcheck_command} > /dev/null; do + if ((attempt == max_attempts)); then + echo "Max attempt ${max_attempts} reached! Proceeding to monitor container runtime healthiness." + break + fi + echo "$attempt initial attempt \"${healthcheck_command}\"! Trying again in $attempt seconds..." + sleep "$((2 ** attempt++))" + done + while true; do + if ! timeout 60 ${healthcheck_command} > /dev/null; then + echo "Container runtime ${container_runtime_name} failed!" + if [[ "$container_runtime_name" == "docker" ]]; then + # Dump stack of docker daemon for investigation. + # Log file name looks like goroutine-stacks-TIMESTAMP and will be saved to + # the exec root directory, which is /var/run/docker/ on Ubuntu and COS. + pkill -SIGUSR1 dockerd + fi + systemctl kill --kill-who=main "${container_runtime_name}" + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 120 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + function kubelet_monitoring() { + echo "Wait for 2 minutes for kubelet to be functional" + sleep 120 + local -r max_seconds=10 + local output="" + while true; do + local failed=false + + if journalctl -u kubelet -n 1 | grep -q "use of closed network connection"; then + failed=true + echo "Kubelet stopped posting node status. Restarting" + elif ! output=$(curl -m "${max_seconds}" -f -s -S http://127.0.0.1:10248/healthz 2>&1); then + failed=true + # Print the response and/or errors. + echo "$output" + fi + + if [[ "$failed" == "true" ]]; then + echo "Kubelet is unhealthy!" + systemctl kill kubelet + # Wait for a while, as we don't want to kill it again before it is really up. + sleep 60 + else + sleep "${SLEEP_SECONDS}" + fi + done + } + + ############## Main Function ################ + if [[ "$#" -ne 1 ]]; then + echo "Usage: health-monitor.sh " + exit 1 + fi + + SLEEP_SECONDS=10 + component=$1 + echo "Start kubernetes health monitoring for ${component}" + if [[ "${component}" == "container-runtime" ]]; then + container_runtime_monitoring + elif [[ "${component}" == "kubelet" ]]; then + kubelet_monitoring + else + echo "Health monitoring for component ${component} is not supported!" + fi + encoding: b64 + path: /opt/bin/health-monitor.sh + permissions: 755 + - content: + inline: + data: | + [Journal] + SystemMaxUse=5G + encoding: b64 + path: /etc/systemd/journald.conf.d/max_disk_use.conf + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + set -euo pipefail + + modprobe ip_vs + modprobe ip_vs_rr + modprobe ip_vs_wrr + modprobe ip_vs_sh + + if modinfo nf_conntrack_ipv4 &> /dev/null; then + modprobe nf_conntrack_ipv4 + else + modprobe nf_conntrack + fi + encoding: b64 + path: /opt/load-kernel-modules.sh + permissions: 755 + - content: + inline: + data: | + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 + kernel.panic_on_oops = 1 + kernel.panic = 10 + net.ipv4.ip_forward = 1 + vm.overcommit_memory = 1 + fs.inotify.max_user_watches = 1048576 + fs.inotify.max_user_instances = 8192 + encoding: b64 + path: /etc/sysctl.d/k8s.conf + permissions: 644 + - content: + inline: + data: | + # Added by kubermatic machine-controller + # Enable cgroups memory and swap accounting + GRUB_CMDLINE_LINUX="cgroup_enable=memory swapaccount=1" + encoding: b64 + path: /etc/default/grub.d/60-swap-accounting.cfg + permissions: 644 + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + if systemctl is-active ufw; then systemctl stop ufw; fi + systemctl mask ufw + systemctl restart systemd-modules-load.service + sysctl --system + + apt-get update + + DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" install -y \ + curl \ + ca-certificates \ + ceph-common \ + cifs-utils \ + conntrack \ + e2fsprogs \ + ebtables \ + ethtool \ + glusterfs-client \ + iptables \ + jq \ + kmod \ + openssh-client \ + nfs-common \ + socat \ + util-linux \ + ipvsadm + apt-get update + apt-get install -y apt-transport-https ca-certificates curl software-properties-common lsb-release + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - + add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + + apt-get install --allow-downgrades -y \ + containerd.io=1.5* \ + docker-ce-cli=5:19.03* \ + docker-ce=5:19.03* + apt-mark hold docker-ce* containerd.io + + systemctl daemon-reload + systemctl enable --now docker + + opt_bin=/opt/bin + usr_local_bin=/usr/local/bin + cni_bin_dir=/opt/cni/bin + mkdir -p /etc/cni/net.d /etc/kubernetes/manifests "$opt_bin" "$cni_bin_dir" + mkdir -p /etc/kubernetes/dynamic-config-dir + arch=${HOST_ARCH-} + if [ -z "$arch" ] + then + case $(uname -m) in + x86_64) + arch="amd64" + ;; + aarch64) + arch="arm64" + ;; + *) + echo "unsupported CPU architecture, exiting" + exit 1 + ;; + esac + fi + CNI_VERSION="${CNI_VERSION:-v0.8.7}" + cni_base_url="https://github.com/containernetworking/plugins/releases/download/$CNI_VERSION" + cni_filename="cni-plugins-linux-$arch-$CNI_VERSION.tgz" + curl -Lfo "$cni_bin_dir/$cni_filename" "$cni_base_url/$cni_filename" + cni_sum=$(curl -Lf "$cni_base_url/$cni_filename.sha256") + cd "$cni_bin_dir" + sha256sum -c <<<"$cni_sum" + tar xvf "$cni_filename" + rm -f "$cni_filename" + cd - + CRI_TOOLS_RELEASE="${CRI_TOOLS_RELEASE:-v1.22.0}" + cri_tools_base_url="https://github.com/kubernetes-sigs/cri-tools/releases/download/${CRI_TOOLS_RELEASE}" + cri_tools_filename="crictl-${CRI_TOOLS_RELEASE}-linux-${arch}.tar.gz" + curl -Lfo "$opt_bin/$cri_tools_filename" "$cri_tools_base_url/$cri_tools_filename" + cri_tools_sum=$(curl -Lf "$cri_tools_base_url/$cri_tools_filename.sha256" | sed 's/\*\///') + cd "$opt_bin" + sha256sum -c <<<"$cri_tools_sum" + tar xvf "$cri_tools_filename" + rm -f "$cri_tools_filename" + ln -sf "$opt_bin/crictl" "$usr_local_bin"/crictl || echo "symbolic link is skipped" + cd - + KUBE_VERSION="${KUBE_VERSION:-v1.22.2}" + kube_dir="$opt_bin/kubernetes-$KUBE_VERSION" + kube_base_url="https://storage.googleapis.com/kubernetes-release/release/$KUBE_VERSION/bin/linux/$arch" + kube_sum_file="$kube_dir/sha256" + mkdir -p "$kube_dir" + : >"$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + curl -Lfo "$kube_dir/$bin" "$kube_base_url/$bin" + chmod +x "$kube_dir/$bin" + sum=$(curl -Lf "$kube_base_url/$bin.sha256") + echo "$sum $kube_dir/$bin" >>"$kube_sum_file" + done + sha256sum -c "$kube_sum_file" + + for bin in kubelet kubeadm kubectl; do + ln -sf "$kube_dir/$bin" "$opt_bin"/$bin + done + + # set kubelet nodeip environment variable + /opt/bin/setup_net_env.sh + + systemctl enable --now kubelet + systemctl enable --now --no-block kubelet-healthcheck.service + encoding: b64 + path: /opt/bin/setup + permissions: 755 + - content: + inline: + data: | + #!/bin/bash + set -xeuo pipefail + while ! "$@"; do + sleep 1 + done + encoding: b64 + path: /opt/bin/supervise.sh + permissions: 755 + - content: + inline: + data: | + [Unit] + After=docker.service + Requires=docker.service + + Description=kubelet: The Kubernetes Node Agent + Documentation=https://kubernetes.io/docs/home/ + + [Service] + User=root + Restart=always + StartLimitInterval=0 + RestartSec=10 + CPUAccounting=true + MemoryAccounting=true + + Environment="PATH=/opt/bin:/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin/" + EnvironmentFile=-/etc/environment + + ExecStartPre=/bin/bash /opt/disable-swap.sh + ExecStartPre=/bin/bash /opt/load-kernel-modules.sh + ExecStartPre=/bin/bash /opt/bin/setup_net_env.sh + ExecStart=/opt/bin/kubelet $KUBELET_EXTRA_ARGS \ + --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf \ + --kubeconfig=/var/lib/kubelet/kubeconfig \ + --config=/etc/kubernetes/kubelet.conf \ + --network-plugin=cni \ + --cert-dir=/etc/kubernetes/pki \ + --cloud-provider=aws \ + --cloud-config=/etc/kubernetes/cloud-config \ + --dynamic-config-dir=/etc/kubernetes/dynamic-config-dir \ + --feature-gates=DynamicKubeletConfig=true \ + --exit-on-lock-contention \ + --lock-file=/tmp/kubelet.lock \ + --container-runtime=docker \ + --container-runtime-endpoint=unix:///var/run/dockershim.sock \ + --node-ip ${KUBELET_NODE_IP} + + [Install] + WantedBy=multi-user.target + encoding: b64 + path: /etc/systemd/system/kubelet.service + permissions: 644 + - content: + inline: + data: | + [Service] + Environment="KUBELET_EXTRA_ARGS=--resolv-conf=/run/systemd/resolve/resolv.conf" + encoding: b64 + path: /etc/systemd/system/kubelet.service.d/extras.conf + permissions: 644 + - content: + inline: + data: |+ + [global] + Zone="eu-central-1b" + VPC="e-123f" + SubnetID="test-subnet" + + encoding: b64 + path: /etc/kubernetes/cloud-config + permissions: 600 + - content: + inline: + data: | + #!/usr/bin/env bash + echodate() { + echo "[$(date -Is)]" "$@" + } + + # get the default interface IP address + DEFAULT_IFC_IP=$(ip -o route get 1 | grep -oP "src \K\S+") + + if [ -z "${DEFAULT_IFC_IP}" ] + then + echodate "Failed to get IP address for the default route interface" + exit 1 + fi + + + # get the full hostname + FULL_HOSTNAME=$(hostname -f) + # if /etc/hostname is not empty then use the hostname from there + if [ -s /etc/hostname ]; then + FULL_HOSTNAME=$(cat /etc/hostname) + fi + + # write the nodeip_env file + # we need the line below because flatcar has the same string "coreos" in that file + if grep -q coreos /etc/os-release + then + echo "KUBELET_NODE_IP=${DEFAULT_IFC_IP}\nKUBELET_HOSTNAME=${FULL_HOSTNAME}" > /etc/kubernetes/nodeip.conf + elif [ ! -d /etc/systemd/system/kubelet.service.d ] + then + echodate "Can't find kubelet service extras directory" + exit 1 + else + echo -e "[Service]\nEnvironment=\"KUBELET_NODE_IP=${DEFAULT_IFC_IP}\"\nEnvironment=\"KUBELET_HOSTNAME=${FULL_HOSTNAME}\"" > /etc/systemd/system/kubelet.service.d/nodeip.conf + fi + encoding: b64 + path: /opt/bin/setup_net_env.sh + permissions: 755 + - content: + inline: + data: | + -----BEGIN CERTIFICATE----- + MIIEWjCCA0KgAwIBAgIJALfRlWsI8YQHMA0GCSqGSIb3DQEBBQUAMHsxCzAJBgNV + BAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzEUMBIG + A1UEChMLQnJhZGZpdHppbmMxEjAQBgNVBAMTCWxvY2FsaG9zdDEdMBsGCSqGSIb3 + DQEJARYOYnJhZEBkYW5nYS5jb20wHhcNMTQwNzE1MjA0NjA1WhcNMTcwNTA0MjA0 + NjA1WjB7MQswCQYDVQQGEwJVUzELMAkGA1UECBMCQ0ExFjAUBgNVBAcTDVNhbiBG + cmFuY2lzY28xFDASBgNVBAoTC0JyYWRmaXR6aW5jMRIwEAYDVQQDEwlsb2NhbGhv + c3QxHTAbBgkqhkiG9w0BCQEWDmJyYWRAZGFuZ2EuY29tMIIBIjANBgkqhkiG9w0B + AQEFAAOCAQ8AMIIBCgKCAQEAt5fAjp4fTcekWUTfzsp0kyih1OYbsGL0KX1eRbSS + R8Od0+9Q62Hyny+GFwMTb4A/KU8mssoHvcceSAAbwfbxFK/+s51TobqUnORZrOoT + ZjkUygbyXDSK99YBbcR1Pip8vwMTm4XKuLtCigeBBdjjAQdgUO28LENGlsMnmeYk + JfODVGnVmr5Ltb9ANA8IKyTfsnHJ4iOCS/PlPbUj2q7YnoVLposUBMlgUb/CykX3 + mOoLb4yJJQyA/iST6ZxiIEj36D4yWZ5lg7YJl+UiiBQHGCnPdGyipqV06ex0heYW + caiW8LWZSUQ93jQ+WVCH8hT7DQO1dmsvUmXlq/JeAlwQ/QIDAQABo4HgMIHdMB0G + A1UdDgQWBBRcAROthS4P4U7vTfjByC569R7E6DCBrQYDVR0jBIGlMIGigBRcAROt + hS4P4U7vTfjByC569R7E6KF/pH0wezELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAkNB + MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQwEgYDVQQKEwtCcmFkZml0emluYzES + MBAGA1UEAxMJbG9jYWxob3N0MR0wGwYJKoZIhvcNAQkBFg5icmFkQGRhbmdhLmNv + bYIJALfRlWsI8YQHMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAG6h + U9f9sNH0/6oBbGGy2EVU0UgITUQIrFWo9rFkrW5k/XkDjQm+3lzjT0iGR4IxE/Ao + eU6sQhua7wrWeFEn47GL98lnCsJdD7oZNhFmQ95Tb/LnDUjs5Yj9brP0NWzXfYU4 + UK2ZnINJRcJpB8iRCaCxE8DdcUF0XqIEq6pA272snoLmiXLMvNl3kYEdm+je6voD + 58SNVEUsztzQyXmJEhCpwVI0A6QCjzXj+qvpmw3ZZHi8JwXei8ZZBLTSFBki8Z7n + sH9BBH38/SzUmAN4QHSPy1gjqm00OAE8NaYDkh/bzE4d7mLGGMWp/WE3KPSu82HF + kPe6XoSbiLm/kxk32T0= + -----END CERTIFICATE----- + encoding: b64 + path: /etc/kubernetes/pki/ca.crt + permissions: 644 + - content: + inline: + data: |+ + apiVersion: v1 + clusters: + - cluster: + certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURHRENDQWdDZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREE5TVRzd09RWURWUVFERXpKeWIyOTAKTFdOaExuUTNjV3R4ZURWeGRDNWxkWEp2Y0dVdGQyVnpkRE10WXk1a1pYWXVhM1ZpWlhKdFlYUnBZeTVwYnpBZQpGdzB4T0RBeU1ERXhNelUyTURoYUZ3MHlPREF4TXpBeE16VTJNRGhhTUQweE96QTVCZ05WQkFNVE1uSnZiM1F0ClkyRXVkRGR4YTNGNE5YRjBMbVYxY205d1pTMTNaWE4wTXkxakxtUmxkaTVyZFdKbGNtMWhkR2xqTG1sdk1JSUIKSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXA2SDZWNTZiWUh2Q2V6TGtyZkl6TTgxYgppbzcvWmF3L0xLRXcwZUYrTE12NEUrL1EvZkZoc0hDK21oZUxnMUhXVVBGUFJrNFBRODVtQS80dGppbWpTUEZECms2U0ltektGTFlRZ3dDZ2dpVzhOMmhPKzl6ckJVQUxKRkdCNjRvT2NiQmo2RXIvK05sUEdJM1JSV1dkaUVUV0YKV1lDNGpmSmpiRjVQYnl5WEhuc0dmdFNOWVpCTDcxVzdoOWpMV3B5VVdLTDZaWUFOd0RPTjJSYnA3dHB1dzBYNgprayswQVZ3VnprMzArTU56bWY1MHF3K284MThiZkxVRGthTk1mTFM2STB3UW03UkdnK01nVlJEeTNDdVlxZklXClkyeng2YzdQcXpGc1ZWZklyYTBiMHFhdE5sMVhIajh0K0dOcWRiaTIvRlFqQ3hpbFROdW50VDN2eTJlT0hRSUQKQVFBQm95TXdJVEFPQmdOVkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU5CZ2txaGtpRwo5dzBCQVFzRkFBT0NBUUVBSW1FbklYVjNEeW1DcTlxUDdwK3VKNTV1Zlhka1IyZ2hEVVlyVFRjUHdqUjJqVEhhCmlaQStnOG42UXJVb0NENnN6RytsaGFsN2hQNnhkV3VSalhGSE83Yk52NjNJcUVHelJEZ3c1Z3djcVVUWkV2d2cKZ216NzU5dy9hRmYxVjEyaDFhZlBtQTlFRzVOZEh4c3g5QWxIK0Y2dHlzcHBXaFU4WEVRVUFLQ1BqbndVbUs0cAo3Z3ZUWnIyeno0bndoWm8zTDg5MDNxcHRjcTFsWjRPWXNEb1hvbDF1emFRSDgyeHl3ZVNLQ0tYcE9iaXplNVowCndwbmpkRHVIODd4NHI0TGpNWnB1M3ZYNkxqQkRNUFdrSEhQTjVBaW0xSkx0Ny9STFBnVHRqc0pNclRBUzdoZ1oKZktMTDlRTVFsNnMxckhKNEtrL2U3S0c4SEE0aEVORWhrOVlEZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + server: https://foo.bar:6443 + name: c + contexts: + - context: + cluster: c + user: c + name: c + current-context: c + kind: Config + preferences: {} + users: + - name: c + user: + token: test.test + + encoding: b64 + path: /etc/kubernetes/bootstrap-kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Install] + WantedBy=multi-user.target + + [Unit] + Requires=network-online.target + After=network-online.target + + [Service] + Type=oneshot + RemainAfterExit=true + EnvironmentFile=-/etc/environment + ExecStart=/opt/bin/supervise.sh /opt/bin/setup + encoding: b64 + path: /etc/systemd/system/setup.service + permissions: 644 + - content: + inline: + data: | + export PATH="/opt/bin:$PATH" + encoding: b64 + path: /etc/profile.d/opt-bin-path.sh + permissions: 644 + - content: + inline: + data: | + apiVersion: kubelet.config.k8s.io/v1beta1 + kind: KubeletConfiguration + authentication: + anonymous: + enabled: false + webhook: + enabled: true + x509: + clientCAFile: /etc/kubernetes/pki/ca.crt + authorization: + mode: Webhook + cgroupDriver: systemd + clusterDNS: + - "10.0.0.0" + clusterDomain: cluster.local + featureGates: + GracefulNodeShutdown: true + IdentifyPodOS: false + protectKernelDefaults: true + readOnlyPort: 0 + rotateCertificates: true + serverTLSBootstrap: true + staticPodPath: /etc/kubernetes/manifests + kubeReserved: + cpu: 200m + ephemeral-storage: 1Gi + memory: 200Mi + systemReserved: + cpu: 200m + ephemeral-storage: 1Gi + memory: 200Mi + evictionHard: + imagefs.available: 15% + memory.available: 100Mi + nodefs.available: 10% + nodefs.inodesFree: 5% + tlsCipherSuites: + - TLS_AES_128_GCM_SHA256 + - TLS_AES_256_GCM_SHA384 + - TLS_CHACHA20_POLY1305_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 + - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 + - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 + volumePluginDir: /var/lib/kubelet/volumeplugins + encoding: b64 + path: /etc/kubernetes/kubelet.conf + permissions: 644 + - content: + inline: + data: | + [Unit] + Requires=kubelet.service + After=kubelet.service + + [Service] + ExecStart=/opt/bin/health-monitor.sh kubelet + + [Install] + WantedBy=multi-user.target + encoding: b64 + path: /etc/systemd/system/kubelet-healthcheck.service + permissions: 644 + - content: + inline: + data: | + #!/usr/bin/env bash + set -euo pipefail + + # Make sure we always disable swap - Otherwise the kubelet won't start as for some cloud + # providers swap gets enabled on reboot or after the setup script has finished executing. + sed -i.orig '/.*swap.*/d' /etc/fstab + swapoff -a + encoding: b64 + path: /opt/disable-swap.sh + permissions: 755 + - content: + inline: + data: | + [Service] + Restart=always + EnvironmentFile=-/etc/environment + path: /etc/systemd/system/containerd.service.d/environment.conf + permissions: 644 + - content: + inline: + data: | + [Service] + Restart=always + EnvironmentFile=-/etc/environment + path: /etc/systemd/system/docker.service.d/environment.conf + permissions: 644 + - content: + inline: + data: '{"exec-opts":["native.cgroupdriver=systemd"],"storage-driver":"overlay2","log-driver":"json-file","log-opts":{"max-file":"5","max-size":"100m"},"insecure-registries":["192.168.100.100:5000","10.0.0.1:5000"],"registry-mirrors":["https://registry.docker-cn.com"]}' + encoding: b64 + path: /etc/docker/daemon.json + permissions: 644 + - content: + inline: + data: "" + encoding: b64 + path: /root/.docker/config.json + permissions: 600 + userSSHKeys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDdOIhYmzCK5DSVLu3c diff --git a/pkg/controllers/osc/testdata/secret-flatcar-aws-containerd-bootstrap.yaml b/pkg/controllers/osc/testdata/secret-flatcar-aws-containerd-bootstrap.yaml index e69de29b..c89b82ac 100644 --- a/pkg/controllers/osc/testdata/secret-flatcar-aws-containerd-bootstrap.yaml +++ b/pkg/controllers/osc/testdata/secret-flatcar-aws-containerd-bootstrap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: eyJpZ25pdGlvbiI6eyJjb25maWciOnt9LCJzZWN1cml0eSI6eyJ0bHMiOnt9fSwidGltZW91dHMiOnt9LCJ2ZXJzaW9uIjoiMi4zLjAifSwibmV0d29ya2QiOnt9LCJwYXNzd2QiOnsidXNlcnMiOlt7Im5hbWUiOiJjb3JlIiwic3NoQXV0aG9yaXplZEtleXMiOlsic3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFDQVFEZE9JaFltekNLNURTVkx1M2MiXX1dfSwic3RvcmFnZSI6eyJmaWxlcyI6W3siZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL29wdC9iaW4vYm9vdHN0cmFwIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosSXlFdlltbHVMMkpoYzJnS2MyVjBJQzE0WlhWdklIQnBjR1ZtWVdsc0NtRndkQ0IxY0dSaGRHVWdKaVlnWVhCMElHbHVjM1JoYkd3Z0xYa2dZM1Z5YkNCcWNRcGpkWEpzSUMxeklDMXJJQzEySUMwdGFHVmhaR1Z5SUNkQmRYUm9iM0pwZW1GMGFXOXVPaUJDWldGeVpYSWdkRzl3TFhObFkzSmxkQ2NKYUhSMGNITTZMeTltYjI4dVltRnlPalkwTkRNdllYQnBMM1l4TDI1aGJXVnpjR0ZqWlhNdlkyeHZkV1F0YVc1cGRDMXpaWFIwYVc1bmN5OXpaV055WlhSekwyWnNZWFJqWVhJdFlYZHpMV052Ym5SaGFXNWxjbVF0YTNWaVpTMXplWE4wWlcwdGNISnZkbWx6YVc5dWFXNW5MV052Ym1acFp5QjhJR3B4SUNjdVpHRjBZVnNpWTJ4dmRXUXRZMjl1Wm1sbklsMG5JQzF5ZkNCaVlYTmxOalFnTFdRZ1BpQXZkWE55TDNOb1lYSmxMMjlsYlM5amIyNW1hV2N1YVdkdUNuUnZkV05vSUM5aWIyOTBMMlpzWVhSallYSXZabWx5YzNSZlltOXZkQXB6ZVhOMFpXMWpkR3dnWkdsellXSnNaU0JpYjI5MGMzUnlZWEF1YzJWeWRtbGpaUXB5YlNBdlpYUmpMM041YzNSbGJXUXZjM2x6ZEdWdEwySnZiM1J6ZEhKaGNDNXpaWEoyYVdObENuSnRJQzlsZEdNdmJXRmphR2x1WlMxcFpBcHlaV0p2YjNRSyUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo3NTV9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9zeXN0ZW1kL3N5c3RlbS9ib290c3RyYXAuc2VydmljZSIsImNvbnRlbnRzIjp7InNvdXJjZSI6ImRhdGE6LEl5RXZZbWx1TDJKaGMyZ0tXMGx1YzNSaGJHeGRDbGRoYm5SbFpFSjVQVzExYkhScExYVnpaWEl1ZEdGeVoyVjBDZ3BiVlc1cGRGMEtVbVZ4ZFdseVpYTTlibVYwZDI5eWF5MXZibXhwYm1VdWRHRnlaMlYwQ2tGbWRHVnlQVzVsZEhkdmNtc3RiMjVzYVc1bExuUmhjbWRsZEFwYlUyVnlkbWxqWlYwS1ZIbHdaVDF2Ym1WemFHOTBDbEpsYldGcGJrRm1kR1Z5UlhocGREMTBjblZsQ2tWNFpXTlRkR0Z5ZEQwdmIzQjBMMkpwYmk5aWIyOTBjM1J5WVhBSyUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo2NDR9XX0sInN5c3RlbWQiOnt9fQ== +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: flatcar-aws-containerd-kube-system-bootstrap-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-flatcar-aws-containerd-provisioning.yaml b/pkg/controllers/osc/testdata/secret-flatcar-aws-containerd-provisioning.yaml index e69de29b..488e47db 100644 --- a/pkg/controllers/osc/testdata/secret-flatcar-aws-containerd-provisioning.yaml +++ b/pkg/controllers/osc/testdata/secret-flatcar-aws-containerd-provisioning.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: eyJpZ25pdGlvbiI6eyJjb25maWciOnt9LCJzZWN1cml0eSI6eyJ0bHMiOnt9fSwidGltZW91dHMiOnt9LCJ2ZXJzaW9uIjoiMi4zLjAifSwibmV0d29ya2QiOnt9LCJwYXNzd2QiOnsidXNlcnMiOlt7Im5hbWUiOiJjb3JlIiwic3NoQXV0aG9yaXplZEtleXMiOlsic3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFDQVFEZE9JaFltekNLNURTVkx1M2MiXX1dfSwic3RvcmFnZSI6eyJmaWxlcyI6W3siZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL29wdC9iaW4vaGVhbHRoLW1vbml0b3Iuc2giLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlMjMhJTJGdXNyJTJGYmluJTJGZW52JTIwYmFzaCUwQSUwQSUyMyUyMENvcHlyaWdodCUyMDIwMTYlMjBUaGUlMjBLdWJlcm5ldGVzJTIwQXV0aG9ycy4lMEElMjMlMEElMjMlMjBMaWNlbnNlZCUyMHVuZGVyJTIwdGhlJTIwQXBhY2hlJTIwTGljZW5zZSUyQyUyMFZlcnNpb24lMjAyLjAlMjAodGhlJTIwJTIyTGljZW5zZSUyMiklM0IlMEElMjMlMjB5b3UlMjBtYXklMjBub3QlMjB1c2UlMjB0aGlzJTIwZmlsZSUyMGV4Y2VwdCUyMGluJTIwY29tcGxpYW5jZSUyMHdpdGglMjB0aGUlMjBMaWNlbnNlLiUwQSUyMyUyMFlvdSUyMG1heSUyMG9idGFpbiUyMGElMjBjb3B5JTIwb2YlMjB0aGUlMjBMaWNlbnNlJTIwYXQlMEElMjMlMEElMjMlMjAlMjAlMjAlMjAlMjBodHRwJTNBJTJGJTJGd3d3LmFwYWNoZS5vcmclMkZsaWNlbnNlcyUyRkxJQ0VOU0UtMi4wJTBBJTIzJTBBJTIzJTIwVW5sZXNzJTIwcmVxdWlyZWQlMjBieSUyMGFwcGxpY2FibGUlMjBsYXclMjBvciUyMGFncmVlZCUyMHRvJTIwaW4lMjB3cml0aW5nJTJDJTIwc29mdHdhcmUlMEElMjMlMjBkaXN0cmlidXRlZCUyMHVuZGVyJTIwdGhlJTIwTGljZW5zZSUyMGlzJTIwZGlzdHJpYnV0ZWQlMjBvbiUyMGFuJTIwJTIyQVMlMjBJUyUyMiUyMEJBU0lTJTJDJTBBJTIzJTIwV0lUSE9VVCUyMFdBUlJBTlRJRVMlMjBPUiUyMENPTkRJVElPTlMlMjBPRiUyMEFOWSUyMEtJTkQlMkMlMjBlaXRoZXIlMjBleHByZXNzJTIwb3IlMjBpbXBsaWVkLiUwQSUyMyUyMFNlZSUyMHRoZSUyMExpY2Vuc2UlMjBmb3IlMjB0aGUlMjBzcGVjaWZpYyUyMGxhbmd1YWdlJTIwZ292ZXJuaW5nJTIwcGVybWlzc2lvbnMlMjBhbmQlMEElMjMlMjBsaW1pdGF0aW9ucyUyMHVuZGVyJTIwdGhlJTIwTGljZW5zZS4lMEElMEElMjMlMjBUaGlzJTIwc2NyaXB0JTIwaXMlMjBmb3IlMjBtYXN0ZXIlMjBhbmQlMjBub2RlJTIwaW5zdGFuY2UlMjBoZWFsdGglMjBtb25pdG9yaW5nJTJDJTIwd2hpY2glMjBpcyUwQSUyMyUyMHBhY2tlZCUyMGluJTIwa3ViZS1tYW5pZmVzdCUyMHRhcmJhbGwuJTIwSXQlMjBpcyUyMGV4ZWN1dGVkJTIwdGhyb3VnaCUyMGElMjBzeXN0ZW1kJTIwc2VydmljZSUwQSUyMyUyMGluJTIwY2x1c3RlciUyRmdjZSUyRmdjaSUyRiUzQ21hc3RlciUyRm5vZGUlM0UueWFtbC4lMjBUaGUlMjBlbnYlMjB2YXJpYWJsZXMlMjBjb21lJTIwZnJvbSUyMGFuJTIwZW52JTBBJTIzJTIwZmlsZSUyMHByb3ZpZGVkJTIwYnklMjB0aGUlMjBzeXN0ZW1kJTIwc2VydmljZS4lMEElMEElMjMlMjBUaGlzJTIwc2NyaXB0JTIwaXMlMjBhJTIwc2xpZ2h0bHklMjBhZGp1c3RlZCUyMHZlcnNpb24lMjBvZiUwQSUyMyUyMGh0dHBzJTNBJTJGJTJGZ2l0aHViLmNvbSUyRmt1YmVybmV0ZXMlMkZrdWJlcm5ldGVzJTJGYmxvYiUyRmUxYTFhYTIxMTIyNGZjZDliMjEzNDIwYjgwYjJhZTY4MDY2OTY4M2QlMkZjbHVzdGVyJTJGZ2NlJTJGZ2NpJTJGaGVhbHRoLW1vbml0b3Iuc2glMEElMjMlMjBBZGp1c3RtZW50cyUyMGFyZSUzQSUwQSUyMyUyMColMjBLdWJlbGV0JTIwaGVhbHRoJTIwcG9ydCUyMGlzJTIwMTAyNDglMjBub3QlMjAxMDI1NSUwQSUyMyUyMColMjBSZW1vdmFsJTIwb2YlMjBhbGwlMjBhbGwlMjByZWZlcmVuY2VzJTIwdG8lMjB0aGUlMjBLVUJFX0VOViUyMGZpbGUlMEElMEFzZXQlMjAtbyUyMG5vdW5zZXQlMEFzZXQlMjAtbyUyMHBpcGVmYWlsJTBBJTBBJTIzJTIwV2UlMjBzaW1wbHklMjBraWxsJTIwdGhlJTIwcHJvY2VzcyUyMHdoZW4lMjB0aGVyZSUyMGlzJTIwYSUyMGZhaWx1cmUuJTIwQW5vdGhlciUyMHN5c3RlbWQlMjBzZXJ2aWNlJTIwd2lsbCUwQSUyMyUyMGF1dG9tYXRpY2FsbHklMjByZXN0YXJ0JTIwdGhlJTIwcHJvY2Vzcy4lMEFmdW5jdGlvbiUyMGNvbnRhaW5lcl9ydW50aW1lX21vbml0b3JpbmcoKSUyMCU3QiUwQSUyMCUyMGxvY2FsJTIwLXIlMjBtYXhfYXR0ZW1wdHMlM0Q1JTBBJTIwJTIwbG9jYWwlMjBhdHRlbXB0JTNEMSUwQSUyMCUyMGxvY2FsJTIwLXIlMjBjb250YWluZXJfcnVudGltZV9uYW1lJTNEJTIyJTI0JTdCQ09OVEFJTkVSX1JVTlRJTUVfTkFNRSUzQS1kb2NrZXIlN0QlMjIlMEElMjAlMjAlMjMlMjBXZSUyMHN0aWxsJTIwbmVlZCUyMHRvJTIwdXNlJTIwJ2RvY2tlciUyMHBzJyUyMHdoZW4lMjBjb250YWluZXIlMjBydW50aW1lJTIwaXMlMjAlMjJkb2NrZXIlMjIuJTIwVGhpcyUyMGlzJTIwYmVjYXVzZSUwQSUyMCUyMCUyMyUyMGRvY2tlcnNoaW0lMjBpcyUyMHN0aWxsJTIwcGFydCUyMG9mJTIwa3ViZWxldCUyMHRvZGF5LiUyMFdoZW4lMjBrdWJlbGV0JTIwaXMlMjBkb3duJTJDJTIwY3JpY3RsJTIwcG9kcyUwQSUyMCUyMCUyMyUyMHdpbGwlMjBhbHNvJTIwZmFpbCUyQyUyMGFuZCUyMGRvY2tlciUyMHdpbGwlMjBiZSUyMGtpbGxlZC4lMjBUaGlzJTIwaXMlMjB1bmRlc2lyYWJsZSUyMGVzcGVjaWFsbHklMjB3aGVuJTBBJTIwJTIwJTIzJTIwZG9ja2VyJTIwbGl2ZSUyMHJlc3RvcmUlMjBpcyUyMGRpc2FibGVkLiUwQSUyMCUyMGxvY2FsJTIwaGVhbHRoY2hlY2tfY29tbWFuZCUzRCUyMmRvY2tlciUyMHBzJTIyJTBBJTIwJTIwaWYlMjAlNUIlNUIlMjAlMjIlMjQlN0JDT05UQUlORVJfUlVOVElNRSUzQS1kb2NrZXIlN0QlMjIlMjAhJTNEJTIwJTIyZG9ja2VyJTIyJTIwJTVEJTVEJTNCJTIwdGhlbiUwQSUyMCUyMCUyMCUyMGhlYWx0aGNoZWNrX2NvbW1hbmQlM0QlMjJjcmljdGwlMjBwb2RzJTIyJTBBJTIwJTIwZmklMEElMjAlMjAlMjMlMjBDb250YWluZXIlMjBydW50aW1lJTIwc3RhcnR1cCUyMHRha2VzJTIwdGltZS4lMjBNYWtlJTIwaW5pdGlhbCUyMGF0dGVtcHRzJTIwYmVmb3JlJTIwc3RhcnRpbmclMEElMjAlMjAlMjMlMjBraWxsaW5nJTIwdGhlJTIwY29udGFpbmVyJTIwcnVudGltZS4lMEElMjAlMjB1bnRpbCUyMHRpbWVvdXQlMjA2MCUyMCUyNCU3QmhlYWx0aGNoZWNrX2NvbW1hbmQlN0QlMjAlM0UlMjAlMkZkZXYlMkZudWxsJTNCJTIwZG8lMEElMjAlMjAlMjAlMjBpZiUyMCgoYXR0ZW1wdCUyMCUzRCUzRCUyMG1heF9hdHRlbXB0cykpJTNCJTIwdGhlbiUwQSUyMCUyMCUyMCUyMCUyMCUyMGVjaG8lMjAlMjJNYXglMjBhdHRlbXB0JTIwJTI0JTdCbWF4X2F0dGVtcHRzJTdEJTIwcmVhY2hlZCElMjBQcm9jZWVkaW5nJTIwdG8lMjBtb25pdG9yJTIwY29udGFpbmVyJTIwcnVudGltZSUyMGhlYWx0aGluZXNzLiUyMiUwQSUyMCUyMCUyMCUyMCUyMCUyMGJyZWFrJTBBJTIwJTIwJTIwJTIwZmklMEElMjAlMjAlMjAlMjBlY2hvJTIwJTIyJTI0YXR0ZW1wdCUyMGluaXRpYWwlMjBhdHRlbXB0JTIwJTVDJTIyJTI0JTdCaGVhbHRoY2hlY2tfY29tbWFuZCU3RCU1QyUyMiElMjBUcnlpbmclMjBhZ2FpbiUyMGluJTIwJTI0YXR0ZW1wdCUyMHNlY29uZHMuLi4lMjIlMEElMjAlMjAlMjAlMjBzbGVlcCUyMCUyMiUyNCgoMiUyMCoqJTIwYXR0ZW1wdCUyQiUyQikpJTIyJTBBJTIwJTIwZG9uZSUwQSUyMCUyMHdoaWxlJTIwdHJ1ZSUzQiUyMGRvJTBBJTIwJTIwJTIwJTIwaWYlMjAhJTIwdGltZW91dCUyMDYwJTIwJTI0JTdCaGVhbHRoY2hlY2tfY29tbWFuZCU3RCUyMCUzRSUyMCUyRmRldiUyRm51bGwlM0IlMjB0aGVuJTBBJTIwJTIwJTIwJTIwJTIwJTIwZWNobyUyMCUyMkNvbnRhaW5lciUyMHJ1bnRpbWUlMjAlMjQlN0Jjb250YWluZXJfcnVudGltZV9uYW1lJTdEJTIwZmFpbGVkISUyMiUwQSUyMCUyMCUyMCUyMCUyMCUyMGlmJTIwJTVCJTVCJTIwJTIyJTI0Y29udGFpbmVyX3J1bnRpbWVfbmFtZSUyMiUyMCUzRCUzRCUyMCUyMmRvY2tlciUyMiUyMCU1RCU1RCUzQiUyMHRoZW4lMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjMlMjBEdW1wJTIwc3RhY2slMjBvZiUyMGRvY2tlciUyMGRhZW1vbiUyMGZvciUyMGludmVzdGlnYXRpb24uJTBBJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIzJTIwTG9nJTIwZmlsZSUyMG5hbWUlMjBsb29rcyUyMGxpa2UlMjBnb3JvdXRpbmUtc3RhY2tzLVRJTUVTVEFNUCUyMGFuZCUyMHdpbGwlMjBiZSUyMHNhdmVkJTIwdG8lMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjMlMjB0aGUlMjBleGVjJTIwcm9vdCUyMGRpcmVjdG9yeSUyQyUyMHdoaWNoJTIwaXMlMjAlMkZ2YXIlMkZydW4lMkZkb2NrZXIlMkYlMjBvbiUyMFVidW50dSUyMGFuZCUyMENPUy4lMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjBwa2lsbCUyMC1TSUdVU1IxJTIwZG9ja2VyZCUwQSUyMCUyMCUyMCUyMCUyMCUyMGZpJTBBJTIwJTIwJTIwJTIwJTIwJTIwc3lzdGVtY3RsJTIwa2lsbCUyMC0ta2lsbC13aG8lM0RtYWluJTIwJTIyJTI0JTdCY29udGFpbmVyX3J1bnRpbWVfbmFtZSU3RCUyMiUwQSUyMCUyMCUyMCUyMCUyMCUyMCUyMyUyMFdhaXQlMjBmb3IlMjBhJTIwd2hpbGUlMkMlMjBhcyUyMHdlJTIwZG9uJ3QlMjB3YW50JTIwdG8lMjBraWxsJTIwaXQlMjBhZ2FpbiUyMGJlZm9yZSUyMGl0JTIwaXMlMjByZWFsbHklMjB1cC4lMEElMjAlMjAlMjAlMjAlMjAlMjBzbGVlcCUyMDEyMCUwQSUyMCUyMCUyMCUyMGVsc2UlMEElMjAlMjAlMjAlMjAlMjAlMjBzbGVlcCUyMCUyMiUyNCU3QlNMRUVQX1NFQ09ORFMlN0QlMjIlMEElMjAlMjAlMjAlMjBmaSUwQSUyMCUyMGRvbmUlMEElN0QlMEElMEFmdW5jdGlvbiUyMGt1YmVsZXRfbW9uaXRvcmluZygpJTIwJTdCJTBBJTIwJTIwZWNobyUyMCUyMldhaXQlMjBmb3IlMjAyJTIwbWludXRlcyUyMGZvciUyMGt1YmVsZXQlMjB0byUyMGJlJTIwZnVuY3Rpb25hbCUyMiUwQSUyMCUyMHNsZWVwJTIwMTIwJTBBJTIwJTIwbG9jYWwlMjAtciUyMG1heF9zZWNvbmRzJTNEMTAlMEElMjAlMjBsb2NhbCUyMG91dHB1dCUzRCUyMiUyMiUwQSUyMCUyMHdoaWxlJTIwdHJ1ZSUzQiUyMGRvJTBBJTIwJTIwJTIwJTIwbG9jYWwlMjBmYWlsZWQlM0RmYWxzZSUwQSUwQSUyMCUyMCUyMCUyMGlmJTIwam91cm5hbGN0bCUyMC11JTIwa3ViZWxldCUyMC1uJTIwMSUyMCU3QyUyMGdyZXAlMjAtcSUyMCUyMnVzZSUyMG9mJTIwY2xvc2VkJTIwbmV0d29yayUyMGNvbm5lY3Rpb24lMjIlM0IlMjB0aGVuJTBBJTIwJTIwJTIwJTIwJTIwJTIwZmFpbGVkJTNEdHJ1ZSUwQSUyMCUyMCUyMCUyMCUyMCUyMGVjaG8lMjAlMjJLdWJlbGV0JTIwc3RvcHBlZCUyMHBvc3RpbmclMjBub2RlJTIwc3RhdHVzLiUyMFJlc3RhcnRpbmclMjIlMEElMjAlMjAlMjAlMjBlbGlmJTIwISUyMG91dHB1dCUzRCUyNChjdXJsJTIwLW0lMjAlMjIlMjQlN0JtYXhfc2Vjb25kcyU3RCUyMiUyMC1mJTIwLXMlMjAtUyUyMGh0dHAlM0ElMkYlMkYxMjcuMC4wLjElM0ExMDI0OCUyRmhlYWx0aHolMjAyJTNFJTI2MSklM0IlMjB0aGVuJTBBJTIwJTIwJTIwJTIwJTIwJTIwZmFpbGVkJTNEdHJ1ZSUwQSUyMCUyMCUyMCUyMCUyMCUyMCUyMyUyMFByaW50JTIwdGhlJTIwcmVzcG9uc2UlMjBhbmQlMkZvciUyMGVycm9ycy4lMEElMjAlMjAlMjAlMjAlMjAlMjBlY2hvJTIwJTIyJTI0b3V0cHV0JTIyJTBBJTIwJTIwJTIwJTIwZmklMEElMEElMjAlMjAlMjAlMjBpZiUyMCU1QiU1QiUyMCUyMiUyNGZhaWxlZCUyMiUyMCUzRCUzRCUyMCUyMnRydWUlMjIlMjAlNUQlNUQlM0IlMjB0aGVuJTBBJTIwJTIwJTIwJTIwJTIwJTIwZWNobyUyMCUyMkt1YmVsZXQlMjBpcyUyMHVuaGVhbHRoeSElMjIlMEElMjAlMjAlMjAlMjAlMjAlMjBzeXN0ZW1jdGwlMjBraWxsJTIwa3ViZWxldCUwQSUyMCUyMCUyMCUyMCUyMCUyMCUyMyUyMFdhaXQlMjBmb3IlMjBhJTIwd2hpbGUlMkMlMjBhcyUyMHdlJTIwZG9uJ3QlMjB3YW50JTIwdG8lMjBraWxsJTIwaXQlMjBhZ2FpbiUyMGJlZm9yZSUyMGl0JTIwaXMlMjByZWFsbHklMjB1cC4lMEElMjAlMjAlMjAlMjAlMjAlMjBzbGVlcCUyMDYwJTBBJTIwJTIwJTIwJTIwZWxzZSUwQSUyMCUyMCUyMCUyMCUyMCUyMHNsZWVwJTIwJTIyJTI0JTdCU0xFRVBfU0VDT05EUyU3RCUyMiUwQSUyMCUyMCUyMCUyMGZpJTBBJTIwJTIwZG9uZSUwQSU3RCUwQSUwQSUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyME1haW4lMjBGdW5jdGlvbiUyMCUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUwQWlmJTIwJTVCJTVCJTIwJTIyJTI0JTIzJTIyJTIwLW5lJTIwMSUyMCU1RCU1RCUzQiUyMHRoZW4lMEElMjAlMjBlY2hvJTIwJTIyVXNhZ2UlM0ElMjBoZWFsdGgtbW9uaXRvci5zaCUyMCUzQ2NvbnRhaW5lci1ydW50aW1lJTJGa3ViZWxldCUzRSUyMiUwQSUyMCUyMGV4aXQlMjAxJTBBZmklMEElMEFTTEVFUF9TRUNPTkRTJTNEMTAlMEFjb21wb25lbnQlM0QlMjQxJTBBZWNobyUyMCUyMlN0YXJ0JTIwa3ViZXJuZXRlcyUyMGhlYWx0aCUyMG1vbml0b3JpbmclMjBmb3IlMjAlMjQlN0Jjb21wb25lbnQlN0QlMjIlMEFpZiUyMCU1QiU1QiUyMCUyMiUyNCU3QmNvbXBvbmVudCU3RCUyMiUyMCUzRCUzRCUyMCUyMmNvbnRhaW5lci1ydW50aW1lJTIyJTIwJTVEJTVEJTNCJTIwdGhlbiUwQSUyMCUyMGNvbnRhaW5lcl9ydW50aW1lX21vbml0b3JpbmclMEFlbGlmJTIwJTVCJTVCJTIwJTIyJTI0JTdCY29tcG9uZW50JTdEJTIyJTIwJTNEJTNEJTIwJTIya3ViZWxldCUyMiUyMCU1RCU1RCUzQiUyMHRoZW4lMEElMjAlMjBrdWJlbGV0X21vbml0b3JpbmclMEFlbHNlJTBBJTIwJTIwZWNobyUyMCUyMkhlYWx0aCUyMG1vbml0b3JpbmclMjBmb3IlMjBjb21wb25lbnQlMjAlMjQlN0Jjb21wb25lbnQlN0QlMjBpcyUyMG5vdCUyMHN1cHBvcnRlZCElMjIlMEFmaSUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo3NTV9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9zeXN0ZW1kL3N5c3RlbS9zeXN0ZW1kLW5ldHdvcmtkLnNlcnZpY2UuZC8xMC1zdGF0aWMtbmV0d29yay5jb25mIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjY0NH0seyJmaWxlc3lzdGVtIjoicm9vdCIsInBhdGgiOiIvZXRjL3N5c3RlbWQvam91cm5hbGQuY29uZi5kL21heF9kaXNrX3VzZS5jb25mIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosJTVCSm91cm5hbCU1RCUwQVN5c3RlbU1heFVzZSUzRDVHJTBBIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjY0NH0seyJmaWxlc3lzdGVtIjoicm9vdCIsInBhdGgiOiIvb3B0L2xvYWQta2VybmVsLW1vZHVsZXMuc2giLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlMjMhJTJGdXNyJTJGYmluJTJGZW52JTIwYmFzaCUwQXNldCUyMC1ldW8lMjBwaXBlZmFpbCUwQSUwQW1vZHByb2JlJTIwaXBfdnMlMEFtb2Rwcm9iZSUyMGlwX3ZzX3JyJTBBbW9kcHJvYmUlMjBpcF92c193cnIlMEFtb2Rwcm9iZSUyMGlwX3ZzX3NoJTBBJTBBaWYlMjBtb2RpbmZvJTIwbmZfY29ubnRyYWNrX2lwdjQlMjAlMjYlM0UlMjAlMkZkZXYlMkZudWxsJTNCJTIwdGhlbiUwQSUyMCUyMG1vZHByb2JlJTIwbmZfY29ubnRyYWNrX2lwdjQlMEFlbHNlJTBBJTIwJTIwbW9kcHJvYmUlMjBuZl9jb25udHJhY2slMEFmaSUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo3NTV9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9zeXNjdGwuZC9rOHMuY29uZiIsImNvbnRlbnRzIjp7InNvdXJjZSI6ImRhdGE6LG5ldC5icmlkZ2UuYnJpZGdlLW5mLWNhbGwtaXA2dGFibGVzJTIwJTNEJTIwMSUwQW5ldC5icmlkZ2UuYnJpZGdlLW5mLWNhbGwtaXB0YWJsZXMlMjAlM0QlMjAxJTBBa2VybmVsLnBhbmljX29uX29vcHMlMjAlM0QlMjAxJTBBa2VybmVsLnBhbmljJTIwJTNEJTIwMTAlMEFuZXQuaXB2NC5pcF9mb3J3YXJkJTIwJTNEJTIwMSUwQXZtLm92ZXJjb21taXRfbWVtb3J5JTIwJTNEJTIwMSUwQWZzLmlub3RpZnkubWF4X3VzZXJfd2F0Y2hlcyUyMCUzRCUyMDEwNDg1NzYlMEFmcy5pbm90aWZ5Lm1heF91c2VyX2luc3RhbmNlcyUyMCUzRCUyMDgxOTIlMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NjQ0fSx7ImZpbGVzeXN0ZW0iOiJyb290IiwicGF0aCI6Ii9vcHQvYmluL3NldHVwX25ldF9lbnYuc2giLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlMjMhJTJGdXNyJTJGYmluJTJGZW52JTIwYmFzaCUwQWVjaG9kYXRlKCklMjAlN0IlMEElMjAlMjBlY2hvJTIwJTIyJTVCJTI0KGRhdGUlMjAtSXMpJTVEJTIyJTIwJTIyJTI0JTQwJTIyJTBBJTdEJTBBJTBBJTIzJTIwZ2V0JTIwdGhlJTIwZGVmYXVsdCUyMGludGVyZmFjZSUyMElQJTIwYWRkcmVzcyUwQURFRkFVTFRfSUZDX0lQJTNEJTI0KGlwJTIwLW8lMjAlMjByb3V0ZSUyMGdldCUyMDElMjAlN0MlMjBncmVwJTIwLW9QJTIwJTIyc3JjJTIwJTVDSyU1Q1MlMkIlMjIpJTBBJTBBaWYlMjAlNUIlMjAteiUyMCUyMiUyNCU3QkRFRkFVTFRfSUZDX0lQJTdEJTIyJTIwJTVEJTBBdGhlbiUwQSUyMCUyMGVjaG9kYXRlJTIwJTIyRmFpbGVkJTIwdG8lMjBnZXQlMjBJUCUyMGFkZHJlc3MlMjBmb3IlMjB0aGUlMjBkZWZhdWx0JTIwcm91dGUlMjBpbnRlcmZhY2UlMjIlMEElMjAlMjBleGl0JTIwMSUwQWZpJTBBJTBBJTIzJTIwZ2V0JTIwdGhlJTIwZnVsbCUyMGhvc3RuYW1lJTBBRlVMTF9IT1NUTkFNRSUzRCUyNChob3N0bmFtZSUyMC1mKSUwQSUyMyUyMGlmJTIwJTJGZXRjJTJGaG9zdG5hbWUlMjBpcyUyMG5vdCUyMGVtcHR5JTIwdGhlbiUyMHVzZSUyMHRoZSUyMGhvc3RuYW1lJTIwZnJvbSUyMHRoZXJlJTBBaWYlMjAlNUIlMjAtcyUyMCUyRmV0YyUyRmhvc3RuYW1lJTIwJTVEJTNCJTIwdGhlbiUwQSUyMCUyMCUyMCUyMEZVTExfSE9TVE5BTUUlM0QlMjQoY2F0JTIwJTJGZXRjJTJGaG9zdG5hbWUpJTBBZmklMEElMEElMjMlMjB3cml0ZSUyMHRoZSUyMG5vZGVpcF9lbnYlMjBmaWxlJTBBJTIzJTIwd2UlMjBuZWVkJTIwdGhlJTIwbGluZSUyMGJlbG93JTIwYmVjYXVzZSUyMGZsYXRjYXIlMjBoYXMlMjB0aGUlMjBzYW1lJTIwc3RyaW5nJTIwJTIyY29yZW9zJTIyJTIwaW4lMjB0aGF0JTIwZmlsZSUwQWlmJTIwZ3JlcCUyMC1xJTIwY29yZW9zJTIwJTJGZXRjJTJGb3MtcmVsZWFzZSUwQXRoZW4lMEElMjAlMjBlY2hvJTIwLWUlMjAlMjJLVUJFTEVUX05PREVfSVAlM0QlMjQlN0JERUZBVUxUX0lGQ19JUCU3RCU1Q25LVUJFTEVUX0hPU1ROQU1FJTNEJTI0JTdCRlVMTF9IT1NUTkFNRSU3RCUyMiUyMCUzRSUyMCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZub2RlaXAuY29uZiUwQWVsaWYlMjAlNUIlMjAhJTIwLWQlMjAlMkZldGMlMkZzeXN0ZW1kJTJGc3lzdGVtJTJGa3ViZWxldC5zZXJ2aWNlLmQlMjAlNUQlMEF0aGVuJTBBJTIwJTIwZWNob2RhdGUlMjAlMjJDYW4ndCUyMGZpbmQlMjBrdWJlbGV0JTIwc2VydmljZSUyMGV4dHJhcyUyMGRpcmVjdG9yeSUyMiUwQSUyMCUyMGV4aXQlMjAxJTBBZWxzZSUwQSUyMCUyMGVjaG8lMjAtZSUyMCUyMiU1QlNlcnZpY2UlNUQlNUNuRW52aXJvbm1lbnQlM0QlNUMlMjJLVUJFTEVUX05PREVfSVAlM0QlMjQlN0JERUZBVUxUX0lGQ19JUCU3RCU1QyUyMiU1Q25FbnZpcm9ubWVudCUzRCU1QyUyMktVQkVMRVRfSE9TVE5BTUUlM0QlMjQlN0JGVUxMX0hPU1ROQU1FJTdEJTVDJTIyJTIyJTIwJTNFJTIwJTJGZXRjJTJGc3lzdGVtZCUyRnN5c3RlbSUyRmt1YmVsZXQuc2VydmljZS5kJTJGbm9kZWlwLmNvbmYlMEFmaSUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo3NTV9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL29wdC9iaW4vZG93bmxvYWQuc2giLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlMjMhJTJGdXNyJTJGYmluJTJGZW52JTIwYmFzaCUwQXNldCUyMC14ZXVvJTIwcGlwZWZhaWwlMEElMEFvcHRfYmluJTNEJTJGb3B0JTJGYmluJTBBdXNyX2xvY2FsX2JpbiUzRCUyRnVzciUyRmxvY2FsJTJGYmluJTBBY25pX2Jpbl9kaXIlM0QlMkZvcHQlMkZjbmklMkZiaW4lMEFta2RpciUyMC1wJTIwJTJGZXRjJTJGY25pJTJGbmV0LmQlMjAlMkZldGMlMkZrdWJlcm5ldGVzJTJGbWFuaWZlc3RzJTIwJTIyJTI0b3B0X2JpbiUyMiUyMCUyMiUyNGNuaV9iaW5fZGlyJTIyJTBBbWtkaXIlMjAtcCUyMCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZkeW5hbWljLWNvbmZpZy1kaXIlMEFhcmNoJTNEJTI0JTdCSE9TVF9BUkNILSU3RCUwQWlmJTIwJTVCJTIwLXolMjAlMjIlMjRhcmNoJTIyJTIwJTVEJTBBdGhlbiUwQWNhc2UlMjAlMjQodW5hbWUlMjAtbSklMjBpbiUwQXg4Nl82NCklMEElMjAlMjAlMjAlMjBhcmNoJTNEJTIyYW1kNjQlMjIlMEElMjAlMjAlMjAlMjAlM0IlM0IlMEFhYXJjaDY0KSUwQSUyMCUyMCUyMCUyMGFyY2glM0QlMjJhcm02NCUyMiUwQSUyMCUyMCUyMCUyMCUzQiUzQiUwQSopJTBBJTIwJTIwJTIwJTIwZWNobyUyMCUyMnVuc3VwcG9ydGVkJTIwQ1BVJTIwYXJjaGl0ZWN0dXJlJTJDJTIwZXhpdGluZyUyMiUwQSUyMCUyMCUyMCUyMGV4aXQlMjAxJTBBJTIwJTIwJTIwJTIwJTNCJTNCJTBBZXNhYyUwQWZpJTBBQ05JX1ZFUlNJT04lM0QlMjIlMjQlN0JDTklfVkVSU0lPTiUzQS12MC44LjclN0QlMjIlMEFjbmlfYmFzZV91cmwlM0QlMjJodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZjb250YWluZXJuZXR3b3JraW5nJTJGcGx1Z2lucyUyRnJlbGVhc2VzJTJGZG93bmxvYWQlMkYlMjRDTklfVkVSU0lPTiUyMiUwQWNuaV9maWxlbmFtZSUzRCUyMmNuaS1wbHVnaW5zLWxpbnV4LSUyNGFyY2gtJTI0Q05JX1ZFUlNJT04udGd6JTIyJTBBY3VybCUyMC1MZm8lMjAlMjIlMjRjbmlfYmluX2RpciUyRiUyNGNuaV9maWxlbmFtZSUyMiUyMCUyMiUyNGNuaV9iYXNlX3VybCUyRiUyNGNuaV9maWxlbmFtZSUyMiUwQWNuaV9zdW0lM0QlMjQoY3VybCUyMC1MZiUyMCUyMiUyNGNuaV9iYXNlX3VybCUyRiUyNGNuaV9maWxlbmFtZS5zaGEyNTYlMjIpJTBBY2QlMjAlMjIlMjRjbmlfYmluX2RpciUyMiUwQXNoYTI1NnN1bSUyMC1jJTIwJTNDJTNDJTNDJTIyJTI0Y25pX3N1bSUyMiUwQXRhciUyMHh2ZiUyMCUyMiUyNGNuaV9maWxlbmFtZSUyMiUwQXJtJTIwLWYlMjAlMjIlMjRjbmlfZmlsZW5hbWUlMjIlMEFjZCUyMC0lMEFDUklfVE9PTFNfUkVMRUFTRSUzRCUyMiUyNCU3QkNSSV9UT09MU19SRUxFQVNFJTNBLXYxLjIyLjAlN0QlMjIlMEFjcmlfdG9vbHNfYmFzZV91cmwlM0QlMjJodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZrdWJlcm5ldGVzLXNpZ3MlMkZjcmktdG9vbHMlMkZyZWxlYXNlcyUyRmRvd25sb2FkJTJGJTI0JTdCQ1JJX1RPT0xTX1JFTEVBU0UlN0QlMjIlMEFjcmlfdG9vbHNfZmlsZW5hbWUlM0QlMjJjcmljdGwtJTI0JTdCQ1JJX1RPT0xTX1JFTEVBU0UlN0QtbGludXgtJTI0JTdCYXJjaCU3RC50YXIuZ3olMjIlMEFjdXJsJTIwLUxmbyUyMCUyMiUyNG9wdF9iaW4lMkYlMjRjcmlfdG9vbHNfZmlsZW5hbWUlMjIlMjAlMjIlMjRjcmlfdG9vbHNfYmFzZV91cmwlMkYlMjRjcmlfdG9vbHNfZmlsZW5hbWUlMjIlMEFjcmlfdG9vbHNfc3VtJTNEJTI0KGN1cmwlMjAtTGYlMjAlMjIlMjRjcmlfdG9vbHNfYmFzZV91cmwlMkYlMjRjcmlfdG9vbHNfZmlsZW5hbWUuc2hhMjU2JTIyJTIwJTdDJTIwc2VkJTIwJ3MlMkYlNUMqJTVDJTJGJTJGJTJGJyklMEFjZCUyMCUyMiUyNG9wdF9iaW4lMjIlMEFzaGEyNTZzdW0lMjAtYyUyMCUzQyUzQyUzQyUyMiUyNGNyaV90b29sc19zdW0lMjIlMEF0YXIlMjB4dmYlMjAlMjIlMjRjcmlfdG9vbHNfZmlsZW5hbWUlMjIlMEFybSUyMC1mJTIwJTIyJTI0Y3JpX3Rvb2xzX2ZpbGVuYW1lJTIyJTBBbG4lMjAtc2YlMjAlMjIlMjRvcHRfYmluJTJGY3JpY3RsJTIyJTIwJTIyJTI0dXNyX2xvY2FsX2JpbiUyMiUyRmNyaWN0bCUyMCU3QyU3QyUyMGVjaG8lMjAlMjJzeW1ib2xpYyUyMGxpbmslMjBpcyUyMHNraXBwZWQlMjIlMEFjZCUyMC0lMEFLVUJFX1ZFUlNJT04lM0QlMjIlMjQlN0JLVUJFX1ZFUlNJT04lM0EtdjEuMjIuMiU3RCUyMiUwQWt1YmVfZGlyJTNEJTIyJTI0b3B0X2JpbiUyRmt1YmVybmV0ZXMtJTI0S1VCRV9WRVJTSU9OJTIyJTBBa3ViZV9iYXNlX3VybCUzRCUyMmh0dHBzJTNBJTJGJTJGc3RvcmFnZS5nb29nbGVhcGlzLmNvbSUyRmt1YmVybmV0ZXMtcmVsZWFzZSUyRnJlbGVhc2UlMkYlMjRLVUJFX1ZFUlNJT04lMkZiaW4lMkZsaW51eCUyRiUyNGFyY2glMjIlMEFrdWJlX3N1bV9maWxlJTNEJTIyJTI0a3ViZV9kaXIlMkZzaGEyNTYlMjIlMEFta2RpciUyMC1wJTIwJTIyJTI0a3ViZV9kaXIlMjIlMEElM0ElMjAlM0UlMjIlMjRrdWJlX3N1bV9maWxlJTIyJTBBJTBBZm9yJTIwYmluJTIwaW4lMjBrdWJlbGV0JTIwa3ViZWFkbSUyMGt1YmVjdGwlM0IlMjBkbyUwQSUyMCUyMCUyMCUyMGN1cmwlMjAtTGZvJTIwJTIyJTI0a3ViZV9kaXIlMkYlMjRiaW4lMjIlMjAlMjIlMjRrdWJlX2Jhc2VfdXJsJTJGJTI0YmluJTIyJTBBJTIwJTIwJTIwJTIwY2htb2QlMjAlMkJ4JTIwJTIyJTI0a3ViZV9kaXIlMkYlMjRiaW4lMjIlMEElMjAlMjAlMjAlMjBzdW0lM0QlMjQoY3VybCUyMC1MZiUyMCUyMiUyNGt1YmVfYmFzZV91cmwlMkYlMjRiaW4uc2hhMjU2JTIyKSUwQSUyMCUyMCUyMCUyMGVjaG8lMjAlMjIlMjRzdW0lMjAlMjAlMjRrdWJlX2RpciUyRiUyNGJpbiUyMiUyMCUzRSUzRSUyMiUyNGt1YmVfc3VtX2ZpbGUlMjIlMEFkb25lJTBBc2hhMjU2c3VtJTIwLWMlMjAlMjIlMjRrdWJlX3N1bV9maWxlJTIyJTBBJTBBZm9yJTIwYmluJTIwaW4lMjBrdWJlbGV0JTIwa3ViZWFkbSUyMGt1YmVjdGwlM0IlMjBkbyUwQSUyMCUyMCUyMCUyMGxuJTIwLXNmJTIwJTIyJTI0a3ViZV9kaXIlMkYlMjRiaW4lMjIlMjAlMjIlMjRvcHRfYmluJTIyJTJGJTI0YmluJTBBZG9uZSUwQSUwQXN5c3RlbWN0bCUyMGRpc2FibGUlMjBkb3dubG9hZC1zY3JpcHQuc2VydmljZSUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo3NTV9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL29wdC9iaW4vc2V0dXAiLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlMjMhJTJGYmluJTJGYmFzaCUwQXNldCUyMC14ZXVvJTIwcGlwZWZhaWwlMEFjYXQlMjAlM0MlM0MlMjBFT0YlMjAlN0MlMjB0ZWUlMjAlMkZldGMlMkZwb2xraXQtMSUyRnJ1bGVzLmQlMkY2MC1ub3JlYm9vdF9ub3Jlc3RhcnQucnVsZXMlMEFwb2xraXQuYWRkUnVsZShmdW5jdGlvbihhY3Rpb24lMkMlMjBzdWJqZWN0KSUyMCU3QiUwQSUyMCUyMGlmJTIwKGFjdGlvbi5pZCUyMCUzRCUzRCUyMCUyMm9yZy5mcmVlZGVza3RvcC5sb2dpbjEucmVib290JTIyJTIwJTdDJTdDJTBBJTIwJTIwJTIwJTIwJTIwJTIwYWN0aW9uLmlkJTIwJTNEJTNEJTIwJTIyb3JnLmZyZWVkZXNrdG9wLmxvZ2luMS5yZWJvb3QtbXVsdGlwbGUtc2Vzc2lvbnMlMjIpJTIwJTdCJTBBJTIwJTIwJTIwJTIwJTIwJTIwaWYlMjAoc3ViamVjdC51c2VyJTIwJTNEJTNEJTIwJTIyY29yZSUyMiklMjAlN0IlMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjByZXR1cm4lMjBwb2xraXQuUmVzdWx0LllFUyUzQiUwQSUyMCUyMCUyMCUyMCUyMCUyMCU3RCUyMGVsc2UlMjAlN0IlMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjByZXR1cm4lMjBwb2xraXQuUmVzdWx0LkFVVEhfQURNSU4lM0IlMEElMjAlMjAlMjAlMjAlMjAlMjAlN0QlMEElMjAlMjAlN0QlMEElN0QpJTNCJTBBRU9GJTBBc3lzdGVtY3RsJTIwc3RvcCUyMGRvY2tlciUwQXN5c3RlbWN0bCUyMGRpc2FibGUlMjBkb2NrZXIlMEElMEFzeXN0ZW1jdGwlMjBlbmFibGUlMjAtLW5vdyUyMGt1YmVsZXQlMEFzeXN0ZW1jdGwlMjBlbmFibGUlMjAtLW5vdyUyMC0tbm8tYmxvY2slMjBrdWJlbGV0LWhlYWx0aGNoZWNrLnNlcnZpY2UlMEFzeXN0ZW1jdGwlMjBkaXNhYmxlJTIwc2V0dXAuc2VydmljZSUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo3NTV9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9rdWJlcm5ldGVzL3BraS9jYS5jcnQiLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwtLS0tLUJFR0lOJTIwQ0VSVElGSUNBVEUtLS0tLSUwQU1JSUVXakNDQTBLZ0F3SUJBZ0lKQUxmUmxXc0k4WVFITUEwR0NTcUdTSWIzRFFFQkJRVUFNSHN4Q3pBSkJnTlYlMEFCQVlUQWxWVE1Rc3dDUVlEVlFRSUV3SkRRVEVXTUJRR0ExVUVCeE1OVTJGdUlFWnlZVzVqYVhOamJ6RVVNQklHJTBBQTFVRUNoTUxRbkpoWkdacGRIcHBibU14RWpBUUJnTlZCQU1UQ1d4dlkyRnNhRzl6ZERFZE1Cc0dDU3FHU0liMyUwQURRRUpBUllPWW5KaFpFQmtZVzVuWVM1amIyMHdIaGNOTVRRd056RTFNakEwTmpBMVdoY05NVGN3TlRBME1qQTAlMEFOakExV2pCN01Rc3dDUVlEVlFRR0V3SlZVekVMTUFrR0ExVUVDQk1DUTBFeEZqQVVCZ05WQkFjVERWTmhiaUJHJTBBY21GdVkybHpZMjh4RkRBU0JnTlZCQW9UQzBKeVlXUm1hWFI2YVc1ak1SSXdFQVlEVlFRREV3bHNiMk5oYkdodiUwQWMzUXhIVEFiQmdrcWhraUc5dzBCQ1FFV0RtSnlZV1JBWkdGdVoyRXVZMjl0TUlJQklqQU5CZ2txaGtpRzl3MEIlMEFBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0NWZBanA0ZlRjZWtXVVRmenNwMGt5aWgxT1lic0dMMEtYMWVSYlNTJTBBUjhPZDAlMkI5UTYySHlueSUyQkdGd01UYjRBJTJGS1U4bXNzb0h2Y2NlU0FBYndmYnhGSyUyRiUyQnM1MVRvYnFVbk9SWnJPb1QlMEFaamtVeWdieVhEU0s5OVlCYmNSMVBpcDh2d01UbTRYS3VMdENpZ2VCQmRqakFRZGdVTzI4TEVOR2xzTW5tZVlrJTBBSmZPRFZHblZtcjVMdGI5QU5BOElLeVRmc25ISjRpT0NTJTJGUGxQYlVqMnE3WW5vVkxwb3NVQk1sZ1ViJTJGQ3lrWDMlMEFtT29MYjR5SkpReUElMkZpU1Q2WnhpSUVqMzZENHlXWjVsZzdZSmwlMkJVaWlCUUhHQ25QZEd5aXBxVjA2ZXgwaGVZVyUwQWNhaVc4TFdaU1VROTNqUSUyQldWQ0g4aFQ3RFFPMWRtc3ZVbVhscSUyRkplQWx3USUyRlFJREFRQUJvNEhnTUlIZE1CMEclMEFBMVVkRGdRV0JCUmNBUk90aFM0UDRVN3ZUZmpCeUM1NjlSN0U2RENCclFZRFZSMGpCSUdsTUlHaWdCUmNBUk90JTBBaFM0UDRVN3ZUZmpCeUM1NjlSN0U2S0YlMkZwSDB3ZXpFTE1Ba0dBMVVFQmhNQ1ZWTXhDekFKQmdOVkJBZ1RBa05CJTBBTVJZd0ZBWURWUVFIRXcxVFlXNGdSbkpoYm1OcGMyTnZNUlF3RWdZRFZRUUtFd3RDY21Ga1ptbDBlbWx1WXpFUyUwQU1CQUdBMVVFQXhNSmJHOWpZV3hvYjNOME1SMHdHd1lKS29aSWh2Y05BUWtCRmc1aWNtRmtRR1JoYm1kaExtTnYlMEFiWUlKQUxmUmxXc0k4WVFITUF3R0ExVWRFd1FGTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVGQlFBRGdnRUJBRzZoJTBBVTlmOXNOSDAlMkY2b0JiR0d5MkVWVTBVZ0lUVVFJckZXbzlyRmtyVzVrJTJGWGtEalFtJTJCM2x6alQwaUdSNEl4RSUyRkFvJTBBZVU2c1FodWE3d3JXZUZFbjQ3R0w5OGxuQ3NKZEQ3b1pOaEZtUTk1VGIlMkZMbkRVanM1WWo5YnJQME5XelhmWVU0JTBBVUsyWm5JTkpSY0pwQjhpUkNhQ3hFOERkY1VGMFhxSUVxNnBBMjcyc25vTG1pWExNdk5sM2tZRWRtJTJCamU2dm9EJTBBNThTTlZFVXN6dHpReVhtSkVoQ3B3VkkwQTZRQ2p6WGolMkJxdnBtdzNaWkhpOEp3WGVpOFpaQkxUU0ZCa2k4WjduJTBBc0g5QkJIMzglMkZTelVtQU40UUhTUHkxZ2pxbTAwT0FFOE5hWURraCUyRmJ6RTRkN21MR0dNV3AlMkZXRTNLUFN1ODJIRiUwQWtQZTZYb1NiaUxtJTJGa3hrMzJUMCUzRCUwQS0tLS0tRU5EJTIwQ0VSVElGSUNBVEUtLS0tLSUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo2NDR9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9rdWJlcm5ldGVzL2Jvb3RzdHJhcC1rdWJlbGV0LmNvbmYiLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOixhcGlWZXJzaW9uJTNBJTIwdjElMEFjbHVzdGVycyUzQSUwQS0lMjBjbHVzdGVyJTNBJTBBJTIwJTIwJTIwJTIwY2VydGlmaWNhdGUtYXV0aG9yaXR5LWRhdGElM0ElMjBMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VSSFJFTkRRV2REWjBGM1NVSkJaMGxDUVVSQlRrSm5hM0ZvYTJsSE9YY3dRa0ZSYzBaQlJFRTVUVlJ6ZDA5UldVUldVVkZFUlhwS2VXSXlPVEFLVEZkT2FFeHVVVE5qVjNSNFpVUldlR1JETld4a1dFcDJZMGRWZEdReVZucGtSRTEwV1hrMWExcFlXWFZoTTFacFdsaEtkRmxZVW5CWmVUVndZbnBCWlFwR2R6QjRUMFJCZVUxRVJYaE5lbFV5VFVSb1lVWjNNSGxQUkVGNFRYcEJlRTE2VlRKTlJHaGhUVVF3ZUU5NlFUVkNaMDVXUWtGTlZFMXVTblppTTFGMENsa3lSWFZrUkdSNFlUTkdORTVZUmpCTWJWWXhZMjA1ZDFwVE1UTmFXRTR3VFhreGFreHRVbXhrYVRWeVpGZEtiR050TVdoa1IyeHFURzFzZGsxSlNVSUtTV3BCVGtKbmEzRm9hMmxIT1hjd1FrRlJSVVpCUVU5RFFWRTRRVTFKU1VKRFowdERRVkZGUVhBMlNEWldOVFppV1VoMlEyVjZUR3R5WmtsNlRUZ3hZZ3BwYnpjdldtRjNMMHhMUlhjd1pVWXJURTEyTkVVckwxRXZaa1pvYzBoREsyMW9aVXhuTVVoWFZWQkdVRkpyTkZCUk9EVnRRUzgwZEdwcGJXcFRVRVpFQ21zMlUwbHRla3RHVEZsUlozZERaMmRwVnpoT01taFBLemw2Y2tKVlFVeEtSa2RDTmpSdlQyTmlRbW8yUlhJdkswNXNVRWRKTTFKU1YxZGthVVZVVjBZS1YxbEROR3BtU21waVJqVlFZbmw1V0VodWMwZG1kRk5PV1ZwQ1REY3hWemRvT1dwTVYzQjVWVmRMVERaYVdVRk9kMFJQVGpKU1luQTNkSEIxZHpCWU5ncHJheXN3UVZaM1ZucHJNekFyVFU1NmJXWTFNSEYzSzI4NE1UaGlaa3hWUkd0aFRrMW1URk0yU1RCM1VXMDNVa2RuSzAxblZsSkVlVE5EZFZseFprbFhDbGt5ZW5nMll6ZFFjWHBHYzFaV1prbHlZVEJpTUhGaGRFNXNNVmhJYWpoMEswZE9jV1JpYVRJdlJsRnFRM2hwYkZST2RXNTBWRE4yZVRKbFQwaFJTVVFLUVZGQlFtOTVUWGRKVkVGUFFtZE9Wa2hST0VKQlpqaEZRa0ZOUTBGeFVYZEVkMWxFVmxJd1ZFRlJTQzlDUVZWM1FYZEZRaTk2UVU1Q1oydHhhR3RwUndvNWR6QkNRVkZ6UmtGQlQwTkJVVVZCU1cxRmJrbFlWak5FZVcxRGNUbHhVRGR3SzNWS05UVjFabGhrYTFJeVoyaEVWVmx5VkZSalVIZHFVakpxVkVoaENtbGFRU3RuT0c0MlVYSlZiME5FTm5ONlJ5dHNhR0ZzTjJoUU5uaGtWM1ZTYWxoR1NFODNZazUyTmpOSmNVVkhlbEpFWjNjMVozZGpjVlZVV2tWMmQyY0taMjE2TnpVNWR5OWhSbVl4VmpFeWFERmhabEJ0UVRsRlJ6Vk9aRWg0YzNnNVFXeElLMFkyZEhsemNIQlhhRlU0V0VWUlZVRkxRMUJxYm5kVmJVczBjQW8zWjNaVVduSXllbm8wYm5kb1dtOHpURGc1TUROeGNIUmpjVEZzV2pSUFdYTkViMWh2YkRGMWVtRlJTRGd5ZUhsM1pWTkxRMHRZY0U5aWFYcGxOVm93Q25kd2JtcGtSSFZJT0RkNE5ISTBUR3BOV25CMU0zWllOa3hxUWtSTlVGZHJTRWhRVGpWQmFXMHhTa3gwTnk5U1RGQm5WSFJxYzBwTmNsUkJVemRvWjFvS1prdE1URGxSVFZGc05uTXhja2hLTkV0ckwyVTNTMGM0U0VFMGFFVk9SV2hyT1ZsRVpsRTlQUW90TFMwdExVVk9SQ0JEUlZKVVNVWkpRMEZVUlMwdExTMHRDZyUzRCUzRCUwQSUyMCUyMCUyMCUyMHNlcnZlciUzQSUyMGh0dHBzJTNBJTJGJTJGZm9vLmJhciUzQTY0NDMlMEElMjAlMjBuYW1lJTNBJTIwYyUwQWNvbnRleHRzJTNBJTBBLSUyMGNvbnRleHQlM0ElMEElMjAlMjAlMjAlMjBjbHVzdGVyJTNBJTIwYyUwQSUyMCUyMCUyMCUyMHVzZXIlM0ElMjBjJTBBJTIwJTIwbmFtZSUzQSUyMGMlMEFjdXJyZW50LWNvbnRleHQlM0ElMjBjJTBBa2luZCUzQSUyMENvbmZpZyUwQXByZWZlcmVuY2VzJTNBJTIwJTdCJTdEJTBBdXNlcnMlM0ElMEEtJTIwbmFtZSUzQSUyMGMlMEElMjAlMjB1c2VyJTNBJTBBJTIwJTIwJTIwJTIwdG9rZW4lM0ElMjB0ZXN0LnRlc3QlMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NjQ0fSx7ImZpbGVzeXN0ZW0iOiJyb290IiwicGF0aCI6Ii9ldGMvc3lzdGVtZC9zeXN0ZW0va3ViZWxldC5zZXJ2aWNlIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosJTVCVW5pdCU1RCUwQUFmdGVyJTNEY29udGFpbmVyZC5zZXJ2aWNlJTBBUmVxdWlyZXMlM0Rjb250YWluZXJkLnNlcnZpY2UlMEElMEFEZXNjcmlwdGlvbiUzRGt1YmVsZXQlM0ElMjBUaGUlMjBLdWJlcm5ldGVzJTIwTm9kZSUyMEFnZW50JTBBRG9jdW1lbnRhdGlvbiUzRGh0dHBzJTNBJTJGJTJGa3ViZXJuZXRlcy5pbyUyRmRvY3MlMkZob21lJTJGJTBBJTBBJTVCU2VydmljZSU1RCUwQVVzZXIlM0Ryb290JTBBUmVzdGFydCUzRGFsd2F5cyUwQVN0YXJ0TGltaXRJbnRlcnZhbCUzRDAlMEFSZXN0YXJ0U2VjJTNEMTAlMEFDUFVBY2NvdW50aW5nJTNEdHJ1ZSUwQU1lbW9yeUFjY291bnRpbmclM0R0cnVlJTBBJTBBRW52aXJvbm1lbnQlM0QlMjJQQVRIJTNEJTJGb3B0JTJGYmluJTNBJTJGYmluJTNBJTJGdXNyJTJGbG9jYWwlMkZzYmluJTNBJTJGdXNyJTJGbG9jYWwlMkZiaW4lM0ElMkZ1c3IlMkZzYmluJTNBJTJGdXNyJTJGYmluJTNBJTJGc2JpbiUyRiUyMiUwQUVudmlyb25tZW50RmlsZSUzRC0lMkZldGMlMkZlbnZpcm9ubWVudCUwQUVudmlyb25tZW50RmlsZSUzRCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZub2RlaXAuY29uZiUwQSUwQUV4ZWNTdGFydFByZSUzRCUyRmJpbiUyRmJhc2glMjAlMkZvcHQlMkZsb2FkLWtlcm5lbC1tb2R1bGVzLnNoJTBBRXhlY1N0YXJ0UHJlJTNEJTJGYmluJTJGYmFzaCUyMCUyRm9wdCUyRmJpbiUyRnNldHVwX25ldF9lbnYuc2glMEFFeGVjU3RhcnQlM0QlMkZvcHQlMkZiaW4lMkZrdWJlbGV0JTIwJTI0S1VCRUxFVF9FWFRSQV9BUkdTJTIwJTVDJTBBJTIwJTIwLS1ib290c3RyYXAta3ViZWNvbmZpZyUzRCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZib290c3RyYXAta3ViZWxldC5jb25mJTIwJTVDJTBBJTIwJTIwLS1rdWJlY29uZmlnJTNEJTJGdmFyJTJGbGliJTJGa3ViZWxldCUyRmt1YmVjb25maWclMjAlNUMlMEElMjAlMjAtLWNvbmZpZyUzRCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZrdWJlbGV0LmNvbmYlMjAlNUMlMEElMjAlMjAtLW5ldHdvcmstcGx1Z2luJTNEY25pJTIwJTVDJTBBJTIwJTIwLS1jZXJ0LWRpciUzRCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZwa2klMjAlNUMlMEElMjAlMjAtLWNsb3VkLXByb3ZpZGVyJTNEYXdzJTIwJTVDJTBBJTIwJTIwLS1jbG91ZC1jb25maWclM0QlMkZldGMlMkZrdWJlcm5ldGVzJTJGY2xvdWQtY29uZmlnJTIwJTVDJTBBJTIwJTIwLS1keW5hbWljLWNvbmZpZy1kaXIlM0QlMkZldGMlMkZrdWJlcm5ldGVzJTJGZHluYW1pYy1jb25maWctZGlyJTIwJTVDJTBBJTIwJTIwLS1mZWF0dXJlLWdhdGVzJTNERHluYW1pY0t1YmVsZXRDb25maWclM0R0cnVlJTIwJTVDJTBBJTIwJTIwLS1leGl0LW9uLWxvY2stY29udGVudGlvbiUyMCU1QyUwQSUyMCUyMC0tbG9jay1maWxlJTNEJTJGdG1wJTJGa3ViZWxldC5sb2NrJTIwJTVDJTBBJTIwJTIwLS1jb250YWluZXItcnVudGltZSUzRHJlbW90ZSUyMCU1QyUwQSUyMCUyMC0tY29udGFpbmVyLXJ1bnRpbWUtZW5kcG9pbnQlM0R1bml4JTNBJTJGJTJGJTJGcnVuJTJGY29udGFpbmVyZCUyRmNvbnRhaW5lcmQuc29jayUyMCU1QyUwQSUyMCUyMC0tbm9kZS1pcCUyMCUyNCU3QktVQkVMRVRfTk9ERV9JUCU3RCUwQSUwQSU1Qkluc3RhbGwlNUQlMEFXYW50ZWRCeSUzRG11bHRpLXVzZXIudGFyZ2V0JTBBIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjY0NH0seyJmaWxlc3lzdGVtIjoicm9vdCIsInBhdGgiOiIvZXRjL2t1YmVybmV0ZXMvY2xvdWQtY29uZmlnIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosJTVCZ2xvYmFsJTVEJTBBWm9uZSUzRCUyMmV1LWNlbnRyYWwtMWIlMjIlMEFWUEMlM0QlMjJlLTEyM2YlMjIlMEFTdWJuZXRJRCUzRCUyMnRlc3Qtc3VibmV0JTIyJTBBIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjQwMH0seyJmaWxlc3lzdGVtIjoicm9vdCIsInBhdGgiOiIvZXRjL2t1YmVybmV0ZXMva3ViZWxldC5jb25mIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosYXBpVmVyc2lvbiUzQSUyMGt1YmVsZXQuY29uZmlnLms4cy5pbyUyRnYxYmV0YTElMEFraW5kJTNBJTIwS3ViZWxldENvbmZpZ3VyYXRpb24lMEFhdXRoZW50aWNhdGlvbiUzQSUwQSUyMCUyMGFub255bW91cyUzQSUwQSUyMCUyMCUyMCUyMGVuYWJsZWQlM0ElMjBmYWxzZSUwQSUyMCUyMHdlYmhvb2slM0ElMEElMjAlMjAlMjAlMjBlbmFibGVkJTNBJTIwdHJ1ZSUwQSUyMCUyMHg1MDklM0ElMEElMjAlMjAlMjAlMjBjbGllbnRDQUZpbGUlM0ElMjAlMkZldGMlMkZrdWJlcm5ldGVzJTJGcGtpJTJGY2EuY3J0JTBBYXV0aG9yaXphdGlvbiUzQSUwQSUyMCUyMG1vZGUlM0ElMjBXZWJob29rJTBBY2dyb3VwRHJpdmVyJTNBJTIwc3lzdGVtZCUwQWNsdXN0ZXJETlMlM0ElMEEtJTIwJTIyMTAuMC4wLjAlMjIlMEFjbHVzdGVyRG9tYWluJTNBJTIwY2x1c3Rlci5sb2NhbCUwQWNvbnRhaW5lckxvZ01heFNpemUlM0ElMjAxMDBNaSUwQWNvbnRhaW5lckxvZ01heEZpbGVzJTNBJTIwNSUwQWZlYXR1cmVHYXRlcyUzQSUwQSUyMCUyMEdyYWNlZnVsTm9kZVNodXRkb3duJTNBJTIwdHJ1ZSUwQSUyMCUyMElkZW50aWZ5UG9kT1MlM0ElMjBmYWxzZSUwQXByb3RlY3RLZXJuZWxEZWZhdWx0cyUzQSUyMHRydWUlMEFyZWFkT25seVBvcnQlM0ElMjAwJTBBcm90YXRlQ2VydGlmaWNhdGVzJTNBJTIwdHJ1ZSUwQXNlcnZlclRMU0Jvb3RzdHJhcCUzQSUyMHRydWUlMEFzdGF0aWNQb2RQYXRoJTNBJTIwJTJGZXRjJTJGa3ViZXJuZXRlcyUyRm1hbmlmZXN0cyUwQWt1YmVSZXNlcnZlZCUzQSUwQSUyMCUyMGNwdSUzQSUyMDIwMG0lMEElMjAlMjBlcGhlbWVyYWwtc3RvcmFnZSUzQSUyMDFHaSUwQSUyMCUyMG1lbW9yeSUzQSUyMDIwME1pJTBBc3lzdGVtUmVzZXJ2ZWQlM0ElMEElMjAlMjBjcHUlM0ElMjAyMDBtJTBBJTIwJTIwZXBoZW1lcmFsLXN0b3JhZ2UlM0ElMjAxR2klMEElMjAlMjBtZW1vcnklM0ElMjAyMDBNaSUwQWV2aWN0aW9uSGFyZCUzQSUwQSUyMCUyMGltYWdlZnMuYXZhaWxhYmxlJTNBJTIwMTUlMjUlMEElMjAlMjBtZW1vcnkuYXZhaWxhYmxlJTNBJTIwMTAwTWklMEElMjAlMjBub2RlZnMuYXZhaWxhYmxlJTNBJTIwMTAlMjUlMEElMjAlMjBub2RlZnMuaW5vZGVzRnJlZSUzQSUyMDUlMjUlMEF0bHNDaXBoZXJTdWl0ZXMlM0ElMEEtJTIwVExTX0FFU18xMjhfR0NNX1NIQTI1NiUwQS0lMjBUTFNfQUVTXzI1Nl9HQ01fU0hBMzg0JTBBLSUyMFRMU19DSEFDSEEyMF9QT0xZMTMwNV9TSEEyNTYlMEEtJTIwVExTX0VDREhFX0VDRFNBX1dJVEhfQUVTXzEyOF9HQ01fU0hBMjU2JTBBLSUyMFRMU19FQ0RIRV9FQ0RTQV9XSVRIX0FFU18yNTZfR0NNX1NIQTM4NCUwQS0lMjBUTFNfRUNESEVfRUNEU0FfV0lUSF9DSEFDSEEyMF9QT0xZMTMwNSUwQS0lMjBUTFNfRUNESEVfUlNBX1dJVEhfQUVTXzEyOF9HQ01fU0hBMjU2JTBBLSUyMFRMU19FQ0RIRV9SU0FfV0lUSF9BRVNfMjU2X0dDTV9TSEEzODQlMEEtJTIwVExTX0VDREhFX1JTQV9XSVRIX0NIQUNIQTIwX1BPTFkxMzA1JTBBdm9sdW1lUGx1Z2luRGlyJTNBJTIwJTJGdmFyJTJGbGliJTJGa3ViZWxldCUyRnZvbHVtZXBsdWdpbnMlMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NjQ0fSx7ImZpbGVzeXN0ZW0iOiJyb290IiwicGF0aCI6Ii9ldGMvc3lzdGVtZC9zeXN0ZW0va3ViZWxldC1oZWFsdGhjaGVjay5zZXJ2aWNlIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosJTVCVW5pdCU1RCUwQVJlcXVpcmVzJTNEa3ViZWxldC5zZXJ2aWNlJTBBQWZ0ZXIlM0RrdWJlbGV0LnNlcnZpY2UlMEElMEElNUJTZXJ2aWNlJTVEJTBBRXhlY1N0YXJ0JTNEJTJGb3B0JTJGYmluJTJGaGVhbHRoLW1vbml0b3Iuc2glMjBrdWJlbGV0JTBBJTBBJTVCSW5zdGFsbCU1RCUwQVdhbnRlZEJ5JTNEbXVsdGktdXNlci50YXJnZXQlMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NjQ0fSx7ImZpbGVzeXN0ZW0iOiJyb290IiwicGF0aCI6Ii9wcm9jL3N5cy9rZXJuZWwvcGFuaWNfb25fb29wcyIsImNvbnRlbnRzIjp7InNvdXJjZSI6ImRhdGE6LDElMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NjQ0fSx7ImZpbGVzeXN0ZW0iOiJyb290IiwicGF0aCI6Ii9wcm9jL3N5cy9rZXJuZWwvcGFuaWMiLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwxMCUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo2NDR9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL3Byb2Mvc3lzL3ZtL292ZXJjb21taXRfbWVtb3J5IiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosMSUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo2NDR9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9zc2gvc3NoZF9jb25maWciLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlMjMlMjBVc2UlMjBtb3N0JTIwZGVmYXVsdHMlMjBmb3IlMjBzc2hkJTIwY29uZmlndXJhdGlvbi4lMEFTdWJzeXN0ZW0lMjBzZnRwJTIwaW50ZXJuYWwtc2Z0cCUwQUNsaWVudEFsaXZlSW50ZXJ2YWwlMjAxODAlMEFVc2VETlMlMjBubyUwQVVzZVBBTSUyMHllcyUwQVByaW50TGFzdExvZyUyMG5vJTIwJTIzJTIwaGFuZGxlZCUyMGJ5JTIwUEFNJTBBUHJpbnRNb3RkJTIwbm8lMjAlMjMlMjBoYW5kbGVkJTIwYnklMjBQQU0lMEFQYXNzd29yZEF1dGhlbnRpY2F0aW9uJTIwbm8lMEFDaGFsbGVuZ2VSZXNwb25zZUF1dGhlbnRpY2F0aW9uJTIwbm8lMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NjAwfSx7ImZpbGVzeXN0ZW0iOiJyb290IiwicGF0aCI6Ii9ldGMvY29udGFpbmVyZC9jb25maWcudG9tbCIsImNvbnRlbnRzIjp7InNvdXJjZSI6ImRhdGE6LHZlcnNpb24lMjAlM0QlMjAyJTBBJTBBJTVCbWV0cmljcyU1RCUwQWFkZHJlc3MlMjAlM0QlMjAlMjIxMjcuMC4wLjElM0ExMzM4JTIyJTBBJTBBJTVCcGx1Z2lucyU1RCUwQSU1QnBsdWdpbnMuJTIyaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSUyMiU1RCUwQXNhbmRib3hfaW1hZ2UlMjAlM0QlMjAlMjIxOTIuMTY4LjEwMC4xMDAlM0E1MDAwJTJGa3ViZXJuZXRlcyUyRnBhdXNlJTNBdjMuMSUyMiUwQSU1QnBsdWdpbnMuJTIyaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSUyMi5jb250YWluZXJkJTVEJTBBJTVCcGx1Z2lucy4lMjJpby5jb250YWluZXJkLmdycGMudjEuY3JpJTIyLmNvbnRhaW5lcmQucnVudGltZXMlNUQlMEElNUJwbHVnaW5zLiUyMmlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmklMjIuY29udGFpbmVyZC5ydW50aW1lcy5ydW5jJTVEJTBBcnVudGltZV90eXBlJTIwJTNEJTIwJTIyaW8uY29udGFpbmVyZC5ydW5jLnYyJTIyJTBBJTVCcGx1Z2lucy4lMjJpby5jb250YWluZXJkLmdycGMudjEuY3JpJTIyLmNvbnRhaW5lcmQucnVudGltZXMucnVuYy5vcHRpb25zJTVEJTBBU3lzdGVtZENncm91cCUyMCUzRCUyMHRydWUlMEElNUJwbHVnaW5zLiUyMmlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmklMjIucmVnaXN0cnklNUQlMEElNUJwbHVnaW5zLiUyMmlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmklMjIucmVnaXN0cnkubWlycm9ycyU1RCUwQSU1QnBsdWdpbnMuJTIyaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSUyMi5yZWdpc3RyeS5taXJyb3JzLiUyMmRvY2tlci5pbyUyMiU1RCUwQWVuZHBvaW50JTIwJTNEJTIwJTVCJTIyaHR0cHMlM0ElMkYlMkZyZWdpc3RyeS5kb2NrZXItY24uY29tJTIyJTVEJTBBJTVCcGx1Z2lucy4lMjJpby5jb250YWluZXJkLmdycGMudjEuY3JpJTIyLnJlZ2lzdHJ5LmNvbmZpZ3MlNUQlMEElNUJwbHVnaW5zLiUyMmlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmklMjIucmVnaXN0cnkuY29uZmlncy4lMjIxMC4wLjAuMSUzQTUwMDAlMjIlNUQlMEElNUJwbHVnaW5zLiUyMmlvLmNvbnRhaW5lcmQuZ3JwYy52MS5jcmklMjIucmVnaXN0cnkuY29uZmlncy4lMjIxMC4wLjAuMSUzQTUwMDAlMjIudGxzJTVEJTBBaW5zZWN1cmVfc2tpcF92ZXJpZnklMjAlM0QlMjB0cnVlJTBBJTVCcGx1Z2lucy4lMjJpby5jb250YWluZXJkLmdycGMudjEuY3JpJTIyLnJlZ2lzdHJ5LmNvbmZpZ3MuJTIyMTkyLjE2OC4xMDAuMTAwJTNBNTAwMCUyMiU1RCUwQSU1QnBsdWdpbnMuJTIyaW8uY29udGFpbmVyZC5ncnBjLnYxLmNyaSUyMi5yZWdpc3RyeS5jb25maWdzLiUyMjE5Mi4xNjguMTAwLjEwMCUzQTUwMDAlMjIudGxzJTVEJTBBaW5zZWN1cmVfc2tpcF92ZXJpZnklMjAlM0QlMjB0cnVlJTBBIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjYwMH0seyJmaWxlc3lzdGVtIjoicm9vdCIsInBhdGgiOiIvZXRjL3N5c3RlbWQvc3lzdGVtL2NvbnRhaW5lcmQuc2VydmljZS5kL2Vudmlyb25tZW50LmNvbmYiLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlNUJTZXJ2aWNlJTVEJTBBUmVzdGFydCUzRGFsd2F5cyUwQUVudmlyb25tZW50RmlsZSUzRC0lMkZldGMlMkZlbnZpcm9ubWVudCUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo2NDR9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9zeXN0ZW1kL3N5c3RlbS9jb250YWluZXJkLnNlcnZpY2UuZC8xMC1jdXN0b20uY29uZiIsImNvbnRlbnRzIjp7InNvdXJjZSI6ImRhdGE6LCU1QlNlcnZpY2UlNUQlMEFFbnZpcm9ubWVudEZpbGUlM0QlMkZydW4lMkZtZXRhZGF0YSUyRnRvcmN4JTBBRW52aXJvbm1lbnQlM0RDT05UQUlORVJEX0NPTkZJRyUzRCUyRmV0YyUyRmNvbnRhaW5lcmQlMkZjb25maWcudG9tbCUwQUV4ZWNTdGFydCUzRCUwQUV4ZWNTdGFydCUzRCUyRnVzciUyRmJpbiUyRmVudiUyMFBBVEglM0QlMjQlN0JUT1JDWF9CSU5ESVIlN0QlM0ElMjQlN0JQQVRIJTdEJTIwJTI0JTdCVE9SQ1hfQklORElSJTdEJTJGY29udGFpbmVyZCUyMC0tY29uZmlnJTIwJTI0JTdCQ09OVEFJTkVSRF9DT05GSUclN0QlMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NjQ0fSx7ImZpbGVzeXN0ZW0iOiJyb290IiwicGF0aCI6Ii9ldGMvY3JpY3RsLnlhbWwiLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOixydW50aW1lLWVuZHBvaW50JTNBJTIwdW5peCUzQSUyRiUyRiUyRnJ1biUyRmNvbnRhaW5lcmQlMkZjb250YWluZXJkLnNvY2slMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NjQ0fV19LCJzeXN0ZW1kIjp7InVuaXRzIjpbeyJjb250ZW50cyI6IltJbnN0YWxsXVxuV2FudGVkQnk9bXVsdGktdXNlci50YXJnZXRcblxuW1VuaXRdXG5SZXF1aXJlcz1kb3dubG9hZC1zY3JpcHQuc2VydmljZVxuUmVxdWlyZXM9bm9kZWlwLnNlcnZpY2VcbkFmdGVyPWRvd25sb2FkLXNjcmlwdC5zZXJ2aWNlXG5BZnRlcj1ub2RlaXAuc2VydmljZVxuXG5bU2VydmljZV1cblR5cGU9b25lc2hvdFxuUmVtYWluQWZ0ZXJFeGl0PXRydWVcbkVudmlyb25tZW50RmlsZT0tL2V0Yy9lbnZpcm9ubWVudFxuRXhlY1N0YXJ0PS9vcHQvYmluL3NldHVwXG4iLCJlbmFibGVkIjp0cnVlLCJuYW1lIjoic2V0dXAuc2VydmljZSJ9LHsiY29udGVudHMiOiJbSW5zdGFsbF1cbldhbnRlZEJ5PW11bHRpLXVzZXIudGFyZ2V0XG5cbltVbml0XVxuUmVxdWlyZXM9bmV0d29yay1vbmxpbmUudGFyZ2V0XG5BZnRlcj1uZXR3b3JrLW9ubGluZS50YXJnZXRcblxuW1NlcnZpY2VdXG5UeXBlPW9uZXNob3RcblJlbWFpbkFmdGVyRXhpdD10cnVlXG5FbnZpcm9ubWVudEZpbGU9LS9ldGMvZW52aXJvbm1lbnRcbkV4ZWNTdGFydD0vb3B0L2Jpbi9kb3dubG9hZC5zaFxuIiwiZW5hYmxlZCI6dHJ1ZSwibmFtZSI6ImRvd25sb2FkLXNjcmlwdC5zZXJ2aWNlIn0seyJjb250ZW50cyI6IltVbml0XVxuRGVzY3JpcHRpb249U2V0dXAgS3ViZWxldCBOb2RlIElQIEVudlxuUmVxdWlyZXM9bmV0d29yay1vbmxpbmUudGFyZ2V0XG5BZnRlcj1uZXR3b3JrLW9ubGluZS50YXJnZXRcblxuW1NlcnZpY2VdXG5FeGVjU3RhcnQ9L29wdC9iaW4vc2V0dXBfbmV0X2Vudi5zaFxuUmVtYWluQWZ0ZXJFeGl0PXllc1xuVHlwZT1vbmVzaG90XG5bSW5zdGFsbF1cbldhbnRlZEJ5PW11bHRpLXVzZXIudGFyZ2V0XG4iLCJlbmFibGVkIjp0cnVlLCJuYW1lIjoibm9kZWlwLnNlcnZpY2UifV19fQ== +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: flatcar-aws-containerd-kube-system-provisioning-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-flatcar-aws-docker-bootstrap.yaml b/pkg/controllers/osc/testdata/secret-flatcar-aws-docker-bootstrap.yaml index e69de29b..a589418e 100644 --- a/pkg/controllers/osc/testdata/secret-flatcar-aws-docker-bootstrap.yaml +++ b/pkg/controllers/osc/testdata/secret-flatcar-aws-docker-bootstrap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: eyJpZ25pdGlvbiI6eyJjb25maWciOnt9LCJzZWN1cml0eSI6eyJ0bHMiOnt9fSwidGltZW91dHMiOnt9LCJ2ZXJzaW9uIjoiMi4zLjAifSwibmV0d29ya2QiOnt9LCJwYXNzd2QiOnsidXNlcnMiOlt7Im5hbWUiOiJjb3JlIiwic3NoQXV0aG9yaXplZEtleXMiOlsic3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFDQVFEZE9JaFltekNLNURTVkx1M2MiXX1dfSwic3RvcmFnZSI6eyJmaWxlcyI6W3siZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL29wdC9iaW4vYm9vdHN0cmFwIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosSXlFdlltbHVMMkpoYzJnS2MyVjBJQzE0WlhWdklIQnBjR1ZtWVdsc0NtRndkQ0IxY0dSaGRHVWdKaVlnWVhCMElHbHVjM1JoYkd3Z0xYa2dZM1Z5YkNCcWNRcGpkWEpzSUMxeklDMXJJQzEySUMwdGFHVmhaR1Z5SUNkQmRYUm9iM0pwZW1GMGFXOXVPaUJDWldGeVpYSWdkRzl3TFhObFkzSmxkQ2NKYUhSMGNITTZMeTltYjI4dVltRnlPalkwTkRNdllYQnBMM1l4TDI1aGJXVnpjR0ZqWlhNdlkyeHZkV1F0YVc1cGRDMXpaWFIwYVc1bmN5OXpaV055WlhSekwyWnNZWFJqWVhJdFlYZHpMV1J2WTJ0bGNpMXJkV0psTFhONWMzUmxiUzF3Y205MmFYTnBiMjVwYm1jdFkyOXVabWxuSUh3Z2FuRWdKeTVrWVhSaFd5SmpiRzkxWkMxamIyNW1hV2NpWFNjZ0xYSjhJR0poYzJVMk5DQXRaQ0ElMkJJQzkxYzNJdmMyaGhjbVV2YjJWdEwyTnZibVpwWnk1cFoyNEtkRzkxWTJnZ0wySnZiM1F2Wm14aGRHTmhjaTltYVhKemRGOWliMjkwQ25ONWMzUmxiV04wYkNCa2FYTmhZbXhsSUdKdmIzUnpkSEpoY0M1elpYSjJhV05sQ25KdElDOWxkR012YzNsemRHVnRaQzl6ZVhOMFpXMHZZbTl2ZEhOMGNtRndMbk5sY25acFkyVUtjbTBnTDJWMFl5OXRZV05vYVc1bExXbGtDbkpsWW05dmRBbyUzRCUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo3NTV9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9zeXN0ZW1kL3N5c3RlbS9ib290c3RyYXAuc2VydmljZSIsImNvbnRlbnRzIjp7InNvdXJjZSI6ImRhdGE6LEl5RXZZbWx1TDJKaGMyZ0tXMGx1YzNSaGJHeGRDbGRoYm5SbFpFSjVQVzExYkhScExYVnpaWEl1ZEdGeVoyVjBDZ3BiVlc1cGRGMEtVbVZ4ZFdseVpYTTlibVYwZDI5eWF5MXZibXhwYm1VdWRHRnlaMlYwQ2tGbWRHVnlQVzVsZEhkdmNtc3RiMjVzYVc1bExuUmhjbWRsZEFwYlUyVnlkbWxqWlYwS1ZIbHdaVDF2Ym1WemFHOTBDbEpsYldGcGJrRm1kR1Z5UlhocGREMTBjblZsQ2tWNFpXTlRkR0Z5ZEQwdmIzQjBMMkpwYmk5aWIyOTBjM1J5WVhBSyUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo2NDR9XX0sInN5c3RlbWQiOnt9fQ== +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: flatcar-aws-docker-kube-system-bootstrap-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-flatcar-aws-docker-provisioning.yaml b/pkg/controllers/osc/testdata/secret-flatcar-aws-docker-provisioning.yaml index e69de29b..39efcae6 100644 --- a/pkg/controllers/osc/testdata/secret-flatcar-aws-docker-provisioning.yaml +++ b/pkg/controllers/osc/testdata/secret-flatcar-aws-docker-provisioning.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: eyJpZ25pdGlvbiI6eyJjb25maWciOnt9LCJzZWN1cml0eSI6eyJ0bHMiOnt9fSwidGltZW91dHMiOnt9LCJ2ZXJzaW9uIjoiMi4zLjAifSwibmV0d29ya2QiOnt9LCJwYXNzd2QiOnsidXNlcnMiOlt7Im5hbWUiOiJjb3JlIiwic3NoQXV0aG9yaXplZEtleXMiOlsic3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFDQVFEZE9JaFltekNLNURTVkx1M2MiXX1dfSwic3RvcmFnZSI6eyJmaWxlcyI6W3siZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL29wdC9iaW4vaGVhbHRoLW1vbml0b3Iuc2giLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlMjMhJTJGdXNyJTJGYmluJTJGZW52JTIwYmFzaCUwQSUwQSUyMyUyMENvcHlyaWdodCUyMDIwMTYlMjBUaGUlMjBLdWJlcm5ldGVzJTIwQXV0aG9ycy4lMEElMjMlMEElMjMlMjBMaWNlbnNlZCUyMHVuZGVyJTIwdGhlJTIwQXBhY2hlJTIwTGljZW5zZSUyQyUyMFZlcnNpb24lMjAyLjAlMjAodGhlJTIwJTIyTGljZW5zZSUyMiklM0IlMEElMjMlMjB5b3UlMjBtYXklMjBub3QlMjB1c2UlMjB0aGlzJTIwZmlsZSUyMGV4Y2VwdCUyMGluJTIwY29tcGxpYW5jZSUyMHdpdGglMjB0aGUlMjBMaWNlbnNlLiUwQSUyMyUyMFlvdSUyMG1heSUyMG9idGFpbiUyMGElMjBjb3B5JTIwb2YlMjB0aGUlMjBMaWNlbnNlJTIwYXQlMEElMjMlMEElMjMlMjAlMjAlMjAlMjAlMjBodHRwJTNBJTJGJTJGd3d3LmFwYWNoZS5vcmclMkZsaWNlbnNlcyUyRkxJQ0VOU0UtMi4wJTBBJTIzJTBBJTIzJTIwVW5sZXNzJTIwcmVxdWlyZWQlMjBieSUyMGFwcGxpY2FibGUlMjBsYXclMjBvciUyMGFncmVlZCUyMHRvJTIwaW4lMjB3cml0aW5nJTJDJTIwc29mdHdhcmUlMEElMjMlMjBkaXN0cmlidXRlZCUyMHVuZGVyJTIwdGhlJTIwTGljZW5zZSUyMGlzJTIwZGlzdHJpYnV0ZWQlMjBvbiUyMGFuJTIwJTIyQVMlMjBJUyUyMiUyMEJBU0lTJTJDJTBBJTIzJTIwV0lUSE9VVCUyMFdBUlJBTlRJRVMlMjBPUiUyMENPTkRJVElPTlMlMjBPRiUyMEFOWSUyMEtJTkQlMkMlMjBlaXRoZXIlMjBleHByZXNzJTIwb3IlMjBpbXBsaWVkLiUwQSUyMyUyMFNlZSUyMHRoZSUyMExpY2Vuc2UlMjBmb3IlMjB0aGUlMjBzcGVjaWZpYyUyMGxhbmd1YWdlJTIwZ292ZXJuaW5nJTIwcGVybWlzc2lvbnMlMjBhbmQlMEElMjMlMjBsaW1pdGF0aW9ucyUyMHVuZGVyJTIwdGhlJTIwTGljZW5zZS4lMEElMEElMjMlMjBUaGlzJTIwc2NyaXB0JTIwaXMlMjBmb3IlMjBtYXN0ZXIlMjBhbmQlMjBub2RlJTIwaW5zdGFuY2UlMjBoZWFsdGglMjBtb25pdG9yaW5nJTJDJTIwd2hpY2glMjBpcyUwQSUyMyUyMHBhY2tlZCUyMGluJTIwa3ViZS1tYW5pZmVzdCUyMHRhcmJhbGwuJTIwSXQlMjBpcyUyMGV4ZWN1dGVkJTIwdGhyb3VnaCUyMGElMjBzeXN0ZW1kJTIwc2VydmljZSUwQSUyMyUyMGluJTIwY2x1c3RlciUyRmdjZSUyRmdjaSUyRiUzQ21hc3RlciUyRm5vZGUlM0UueWFtbC4lMjBUaGUlMjBlbnYlMjB2YXJpYWJsZXMlMjBjb21lJTIwZnJvbSUyMGFuJTIwZW52JTBBJTIzJTIwZmlsZSUyMHByb3ZpZGVkJTIwYnklMjB0aGUlMjBzeXN0ZW1kJTIwc2VydmljZS4lMEElMEElMjMlMjBUaGlzJTIwc2NyaXB0JTIwaXMlMjBhJTIwc2xpZ2h0bHklMjBhZGp1c3RlZCUyMHZlcnNpb24lMjBvZiUwQSUyMyUyMGh0dHBzJTNBJTJGJTJGZ2l0aHViLmNvbSUyRmt1YmVybmV0ZXMlMkZrdWJlcm5ldGVzJTJGYmxvYiUyRmUxYTFhYTIxMTIyNGZjZDliMjEzNDIwYjgwYjJhZTY4MDY2OTY4M2QlMkZjbHVzdGVyJTJGZ2NlJTJGZ2NpJTJGaGVhbHRoLW1vbml0b3Iuc2glMEElMjMlMjBBZGp1c3RtZW50cyUyMGFyZSUzQSUwQSUyMyUyMColMjBLdWJlbGV0JTIwaGVhbHRoJTIwcG9ydCUyMGlzJTIwMTAyNDglMjBub3QlMjAxMDI1NSUwQSUyMyUyMColMjBSZW1vdmFsJTIwb2YlMjBhbGwlMjBhbGwlMjByZWZlcmVuY2VzJTIwdG8lMjB0aGUlMjBLVUJFX0VOViUyMGZpbGUlMEElMEFzZXQlMjAtbyUyMG5vdW5zZXQlMEFzZXQlMjAtbyUyMHBpcGVmYWlsJTBBJTBBJTIzJTIwV2UlMjBzaW1wbHklMjBraWxsJTIwdGhlJTIwcHJvY2VzcyUyMHdoZW4lMjB0aGVyZSUyMGlzJTIwYSUyMGZhaWx1cmUuJTIwQW5vdGhlciUyMHN5c3RlbWQlMjBzZXJ2aWNlJTIwd2lsbCUwQSUyMyUyMGF1dG9tYXRpY2FsbHklMjByZXN0YXJ0JTIwdGhlJTIwcHJvY2Vzcy4lMEFmdW5jdGlvbiUyMGNvbnRhaW5lcl9ydW50aW1lX21vbml0b3JpbmcoKSUyMCU3QiUwQSUyMCUyMGxvY2FsJTIwLXIlMjBtYXhfYXR0ZW1wdHMlM0Q1JTBBJTIwJTIwbG9jYWwlMjBhdHRlbXB0JTNEMSUwQSUyMCUyMGxvY2FsJTIwLXIlMjBjb250YWluZXJfcnVudGltZV9uYW1lJTNEJTIyJTI0JTdCQ09OVEFJTkVSX1JVTlRJTUVfTkFNRSUzQS1kb2NrZXIlN0QlMjIlMEElMjAlMjAlMjMlMjBXZSUyMHN0aWxsJTIwbmVlZCUyMHRvJTIwdXNlJTIwJ2RvY2tlciUyMHBzJyUyMHdoZW4lMjBjb250YWluZXIlMjBydW50aW1lJTIwaXMlMjAlMjJkb2NrZXIlMjIuJTIwVGhpcyUyMGlzJTIwYmVjYXVzZSUwQSUyMCUyMCUyMyUyMGRvY2tlcnNoaW0lMjBpcyUyMHN0aWxsJTIwcGFydCUyMG9mJTIwa3ViZWxldCUyMHRvZGF5LiUyMFdoZW4lMjBrdWJlbGV0JTIwaXMlMjBkb3duJTJDJTIwY3JpY3RsJTIwcG9kcyUwQSUyMCUyMCUyMyUyMHdpbGwlMjBhbHNvJTIwZmFpbCUyQyUyMGFuZCUyMGRvY2tlciUyMHdpbGwlMjBiZSUyMGtpbGxlZC4lMjBUaGlzJTIwaXMlMjB1bmRlc2lyYWJsZSUyMGVzcGVjaWFsbHklMjB3aGVuJTBBJTIwJTIwJTIzJTIwZG9ja2VyJTIwbGl2ZSUyMHJlc3RvcmUlMjBpcyUyMGRpc2FibGVkLiUwQSUyMCUyMGxvY2FsJTIwaGVhbHRoY2hlY2tfY29tbWFuZCUzRCUyMmRvY2tlciUyMHBzJTIyJTBBJTIwJTIwaWYlMjAlNUIlNUIlMjAlMjIlMjQlN0JDT05UQUlORVJfUlVOVElNRSUzQS1kb2NrZXIlN0QlMjIlMjAhJTNEJTIwJTIyZG9ja2VyJTIyJTIwJTVEJTVEJTNCJTIwdGhlbiUwQSUyMCUyMCUyMCUyMGhlYWx0aGNoZWNrX2NvbW1hbmQlM0QlMjJjcmljdGwlMjBwb2RzJTIyJTBBJTIwJTIwZmklMEElMjAlMjAlMjMlMjBDb250YWluZXIlMjBydW50aW1lJTIwc3RhcnR1cCUyMHRha2VzJTIwdGltZS4lMjBNYWtlJTIwaW5pdGlhbCUyMGF0dGVtcHRzJTIwYmVmb3JlJTIwc3RhcnRpbmclMEElMjAlMjAlMjMlMjBraWxsaW5nJTIwdGhlJTIwY29udGFpbmVyJTIwcnVudGltZS4lMEElMjAlMjB1bnRpbCUyMHRpbWVvdXQlMjA2MCUyMCUyNCU3QmhlYWx0aGNoZWNrX2NvbW1hbmQlN0QlMjAlM0UlMjAlMkZkZXYlMkZudWxsJTNCJTIwZG8lMEElMjAlMjAlMjAlMjBpZiUyMCgoYXR0ZW1wdCUyMCUzRCUzRCUyMG1heF9hdHRlbXB0cykpJTNCJTIwdGhlbiUwQSUyMCUyMCUyMCUyMCUyMCUyMGVjaG8lMjAlMjJNYXglMjBhdHRlbXB0JTIwJTI0JTdCbWF4X2F0dGVtcHRzJTdEJTIwcmVhY2hlZCElMjBQcm9jZWVkaW5nJTIwdG8lMjBtb25pdG9yJTIwY29udGFpbmVyJTIwcnVudGltZSUyMGhlYWx0aGluZXNzLiUyMiUwQSUyMCUyMCUyMCUyMCUyMCUyMGJyZWFrJTBBJTIwJTIwJTIwJTIwZmklMEElMjAlMjAlMjAlMjBlY2hvJTIwJTIyJTI0YXR0ZW1wdCUyMGluaXRpYWwlMjBhdHRlbXB0JTIwJTVDJTIyJTI0JTdCaGVhbHRoY2hlY2tfY29tbWFuZCU3RCU1QyUyMiElMjBUcnlpbmclMjBhZ2FpbiUyMGluJTIwJTI0YXR0ZW1wdCUyMHNlY29uZHMuLi4lMjIlMEElMjAlMjAlMjAlMjBzbGVlcCUyMCUyMiUyNCgoMiUyMCoqJTIwYXR0ZW1wdCUyQiUyQikpJTIyJTBBJTIwJTIwZG9uZSUwQSUyMCUyMHdoaWxlJTIwdHJ1ZSUzQiUyMGRvJTBBJTIwJTIwJTIwJTIwaWYlMjAhJTIwdGltZW91dCUyMDYwJTIwJTI0JTdCaGVhbHRoY2hlY2tfY29tbWFuZCU3RCUyMCUzRSUyMCUyRmRldiUyRm51bGwlM0IlMjB0aGVuJTBBJTIwJTIwJTIwJTIwJTIwJTIwZWNobyUyMCUyMkNvbnRhaW5lciUyMHJ1bnRpbWUlMjAlMjQlN0Jjb250YWluZXJfcnVudGltZV9uYW1lJTdEJTIwZmFpbGVkISUyMiUwQSUyMCUyMCUyMCUyMCUyMCUyMGlmJTIwJTVCJTVCJTIwJTIyJTI0Y29udGFpbmVyX3J1bnRpbWVfbmFtZSUyMiUyMCUzRCUzRCUyMCUyMmRvY2tlciUyMiUyMCU1RCU1RCUzQiUyMHRoZW4lMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjMlMjBEdW1wJTIwc3RhY2slMjBvZiUyMGRvY2tlciUyMGRhZW1vbiUyMGZvciUyMGludmVzdGlnYXRpb24uJTBBJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIwJTIzJTIwTG9nJTIwZmlsZSUyMG5hbWUlMjBsb29rcyUyMGxpa2UlMjBnb3JvdXRpbmUtc3RhY2tzLVRJTUVTVEFNUCUyMGFuZCUyMHdpbGwlMjBiZSUyMHNhdmVkJTIwdG8lMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjMlMjB0aGUlMjBleGVjJTIwcm9vdCUyMGRpcmVjdG9yeSUyQyUyMHdoaWNoJTIwaXMlMjAlMkZ2YXIlMkZydW4lMkZkb2NrZXIlMkYlMjBvbiUyMFVidW50dSUyMGFuZCUyMENPUy4lMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjBwa2lsbCUyMC1TSUdVU1IxJTIwZG9ja2VyZCUwQSUyMCUyMCUyMCUyMCUyMCUyMGZpJTBBJTIwJTIwJTIwJTIwJTIwJTIwc3lzdGVtY3RsJTIwa2lsbCUyMC0ta2lsbC13aG8lM0RtYWluJTIwJTIyJTI0JTdCY29udGFpbmVyX3J1bnRpbWVfbmFtZSU3RCUyMiUwQSUyMCUyMCUyMCUyMCUyMCUyMCUyMyUyMFdhaXQlMjBmb3IlMjBhJTIwd2hpbGUlMkMlMjBhcyUyMHdlJTIwZG9uJ3QlMjB3YW50JTIwdG8lMjBraWxsJTIwaXQlMjBhZ2FpbiUyMGJlZm9yZSUyMGl0JTIwaXMlMjByZWFsbHklMjB1cC4lMEElMjAlMjAlMjAlMjAlMjAlMjBzbGVlcCUyMDEyMCUwQSUyMCUyMCUyMCUyMGVsc2UlMEElMjAlMjAlMjAlMjAlMjAlMjBzbGVlcCUyMCUyMiUyNCU3QlNMRUVQX1NFQ09ORFMlN0QlMjIlMEElMjAlMjAlMjAlMjBmaSUwQSUyMCUyMGRvbmUlMEElN0QlMEElMEFmdW5jdGlvbiUyMGt1YmVsZXRfbW9uaXRvcmluZygpJTIwJTdCJTBBJTIwJTIwZWNobyUyMCUyMldhaXQlMjBmb3IlMjAyJTIwbWludXRlcyUyMGZvciUyMGt1YmVsZXQlMjB0byUyMGJlJTIwZnVuY3Rpb25hbCUyMiUwQSUyMCUyMHNsZWVwJTIwMTIwJTBBJTIwJTIwbG9jYWwlMjAtciUyMG1heF9zZWNvbmRzJTNEMTAlMEElMjAlMjBsb2NhbCUyMG91dHB1dCUzRCUyMiUyMiUwQSUyMCUyMHdoaWxlJTIwdHJ1ZSUzQiUyMGRvJTBBJTIwJTIwJTIwJTIwbG9jYWwlMjBmYWlsZWQlM0RmYWxzZSUwQSUwQSUyMCUyMCUyMCUyMGlmJTIwam91cm5hbGN0bCUyMC11JTIwa3ViZWxldCUyMC1uJTIwMSUyMCU3QyUyMGdyZXAlMjAtcSUyMCUyMnVzZSUyMG9mJTIwY2xvc2VkJTIwbmV0d29yayUyMGNvbm5lY3Rpb24lMjIlM0IlMjB0aGVuJTBBJTIwJTIwJTIwJTIwJTIwJTIwZmFpbGVkJTNEdHJ1ZSUwQSUyMCUyMCUyMCUyMCUyMCUyMGVjaG8lMjAlMjJLdWJlbGV0JTIwc3RvcHBlZCUyMHBvc3RpbmclMjBub2RlJTIwc3RhdHVzLiUyMFJlc3RhcnRpbmclMjIlMEElMjAlMjAlMjAlMjBlbGlmJTIwISUyMG91dHB1dCUzRCUyNChjdXJsJTIwLW0lMjAlMjIlMjQlN0JtYXhfc2Vjb25kcyU3RCUyMiUyMC1mJTIwLXMlMjAtUyUyMGh0dHAlM0ElMkYlMkYxMjcuMC4wLjElM0ExMDI0OCUyRmhlYWx0aHolMjAyJTNFJTI2MSklM0IlMjB0aGVuJTBBJTIwJTIwJTIwJTIwJTIwJTIwZmFpbGVkJTNEdHJ1ZSUwQSUyMCUyMCUyMCUyMCUyMCUyMCUyMyUyMFByaW50JTIwdGhlJTIwcmVzcG9uc2UlMjBhbmQlMkZvciUyMGVycm9ycy4lMEElMjAlMjAlMjAlMjAlMjAlMjBlY2hvJTIwJTIyJTI0b3V0cHV0JTIyJTBBJTIwJTIwJTIwJTIwZmklMEElMEElMjAlMjAlMjAlMjBpZiUyMCU1QiU1QiUyMCUyMiUyNGZhaWxlZCUyMiUyMCUzRCUzRCUyMCUyMnRydWUlMjIlMjAlNUQlNUQlM0IlMjB0aGVuJTBBJTIwJTIwJTIwJTIwJTIwJTIwZWNobyUyMCUyMkt1YmVsZXQlMjBpcyUyMHVuaGVhbHRoeSElMjIlMEElMjAlMjAlMjAlMjAlMjAlMjBzeXN0ZW1jdGwlMjBraWxsJTIwa3ViZWxldCUwQSUyMCUyMCUyMCUyMCUyMCUyMCUyMyUyMFdhaXQlMjBmb3IlMjBhJTIwd2hpbGUlMkMlMjBhcyUyMHdlJTIwZG9uJ3QlMjB3YW50JTIwdG8lMjBraWxsJTIwaXQlMjBhZ2FpbiUyMGJlZm9yZSUyMGl0JTIwaXMlMjByZWFsbHklMjB1cC4lMEElMjAlMjAlMjAlMjAlMjAlMjBzbGVlcCUyMDYwJTBBJTIwJTIwJTIwJTIwZWxzZSUwQSUyMCUyMCUyMCUyMCUyMCUyMHNsZWVwJTIwJTIyJTI0JTdCU0xFRVBfU0VDT05EUyU3RCUyMiUwQSUyMCUyMCUyMCUyMGZpJTBBJTIwJTIwZG9uZSUwQSU3RCUwQSUwQSUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyME1haW4lMjBGdW5jdGlvbiUyMCUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUyMyUwQWlmJTIwJTVCJTVCJTIwJTIyJTI0JTIzJTIyJTIwLW5lJTIwMSUyMCU1RCU1RCUzQiUyMHRoZW4lMEElMjAlMjBlY2hvJTIwJTIyVXNhZ2UlM0ElMjBoZWFsdGgtbW9uaXRvci5zaCUyMCUzQ2NvbnRhaW5lci1ydW50aW1lJTJGa3ViZWxldCUzRSUyMiUwQSUyMCUyMGV4aXQlMjAxJTBBZmklMEElMEFTTEVFUF9TRUNPTkRTJTNEMTAlMEFjb21wb25lbnQlM0QlMjQxJTBBZWNobyUyMCUyMlN0YXJ0JTIwa3ViZXJuZXRlcyUyMGhlYWx0aCUyMG1vbml0b3JpbmclMjBmb3IlMjAlMjQlN0Jjb21wb25lbnQlN0QlMjIlMEFpZiUyMCU1QiU1QiUyMCUyMiUyNCU3QmNvbXBvbmVudCU3RCUyMiUyMCUzRCUzRCUyMCUyMmNvbnRhaW5lci1ydW50aW1lJTIyJTIwJTVEJTVEJTNCJTIwdGhlbiUwQSUyMCUyMGNvbnRhaW5lcl9ydW50aW1lX21vbml0b3JpbmclMEFlbGlmJTIwJTVCJTVCJTIwJTIyJTI0JTdCY29tcG9uZW50JTdEJTIyJTIwJTNEJTNEJTIwJTIya3ViZWxldCUyMiUyMCU1RCU1RCUzQiUyMHRoZW4lMEElMjAlMjBrdWJlbGV0X21vbml0b3JpbmclMEFlbHNlJTBBJTIwJTIwZWNobyUyMCUyMkhlYWx0aCUyMG1vbml0b3JpbmclMjBmb3IlMjBjb21wb25lbnQlMjAlMjQlN0Jjb21wb25lbnQlN0QlMjBpcyUyMG5vdCUyMHN1cHBvcnRlZCElMjIlMEFmaSUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo3NTV9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9zeXN0ZW1kL3N5c3RlbS9zeXN0ZW1kLW5ldHdvcmtkLnNlcnZpY2UuZC8xMC1zdGF0aWMtbmV0d29yay5jb25mIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjY0NH0seyJmaWxlc3lzdGVtIjoicm9vdCIsInBhdGgiOiIvZXRjL3N5c3RlbWQvam91cm5hbGQuY29uZi5kL21heF9kaXNrX3VzZS5jb25mIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosJTVCSm91cm5hbCU1RCUwQVN5c3RlbU1heFVzZSUzRDVHJTBBIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjY0NH0seyJmaWxlc3lzdGVtIjoicm9vdCIsInBhdGgiOiIvb3B0L2xvYWQta2VybmVsLW1vZHVsZXMuc2giLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlMjMhJTJGdXNyJTJGYmluJTJGZW52JTIwYmFzaCUwQXNldCUyMC1ldW8lMjBwaXBlZmFpbCUwQSUwQW1vZHByb2JlJTIwaXBfdnMlMEFtb2Rwcm9iZSUyMGlwX3ZzX3JyJTBBbW9kcHJvYmUlMjBpcF92c193cnIlMEFtb2Rwcm9iZSUyMGlwX3ZzX3NoJTBBJTBBaWYlMjBtb2RpbmZvJTIwbmZfY29ubnRyYWNrX2lwdjQlMjAlMjYlM0UlMjAlMkZkZXYlMkZudWxsJTNCJTIwdGhlbiUwQSUyMCUyMG1vZHByb2JlJTIwbmZfY29ubnRyYWNrX2lwdjQlMEFlbHNlJTBBJTIwJTIwbW9kcHJvYmUlMjBuZl9jb25udHJhY2slMEFmaSUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo3NTV9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9zeXNjdGwuZC9rOHMuY29uZiIsImNvbnRlbnRzIjp7InNvdXJjZSI6ImRhdGE6LG5ldC5icmlkZ2UuYnJpZGdlLW5mLWNhbGwtaXA2dGFibGVzJTIwJTNEJTIwMSUwQW5ldC5icmlkZ2UuYnJpZGdlLW5mLWNhbGwtaXB0YWJsZXMlMjAlM0QlMjAxJTBBa2VybmVsLnBhbmljX29uX29vcHMlMjAlM0QlMjAxJTBBa2VybmVsLnBhbmljJTIwJTNEJTIwMTAlMEFuZXQuaXB2NC5pcF9mb3J3YXJkJTIwJTNEJTIwMSUwQXZtLm92ZXJjb21taXRfbWVtb3J5JTIwJTNEJTIwMSUwQWZzLmlub3RpZnkubWF4X3VzZXJfd2F0Y2hlcyUyMCUzRCUyMDEwNDg1NzYlMEFmcy5pbm90aWZ5Lm1heF91c2VyX2luc3RhbmNlcyUyMCUzRCUyMDgxOTIlMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NjQ0fSx7ImZpbGVzeXN0ZW0iOiJyb290IiwicGF0aCI6Ii9vcHQvYmluL3NldHVwX25ldF9lbnYuc2giLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlMjMhJTJGdXNyJTJGYmluJTJGZW52JTIwYmFzaCUwQWVjaG9kYXRlKCklMjAlN0IlMEElMjAlMjBlY2hvJTIwJTIyJTVCJTI0KGRhdGUlMjAtSXMpJTVEJTIyJTIwJTIyJTI0JTQwJTIyJTBBJTdEJTBBJTBBJTIzJTIwZ2V0JTIwdGhlJTIwZGVmYXVsdCUyMGludGVyZmFjZSUyMElQJTIwYWRkcmVzcyUwQURFRkFVTFRfSUZDX0lQJTNEJTI0KGlwJTIwLW8lMjAlMjByb3V0ZSUyMGdldCUyMDElMjAlN0MlMjBncmVwJTIwLW9QJTIwJTIyc3JjJTIwJTVDSyU1Q1MlMkIlMjIpJTBBJTBBaWYlMjAlNUIlMjAteiUyMCUyMiUyNCU3QkRFRkFVTFRfSUZDX0lQJTdEJTIyJTIwJTVEJTBBdGhlbiUwQSUyMCUyMGVjaG9kYXRlJTIwJTIyRmFpbGVkJTIwdG8lMjBnZXQlMjBJUCUyMGFkZHJlc3MlMjBmb3IlMjB0aGUlMjBkZWZhdWx0JTIwcm91dGUlMjBpbnRlcmZhY2UlMjIlMEElMjAlMjBleGl0JTIwMSUwQWZpJTBBJTBBJTIzJTIwZ2V0JTIwdGhlJTIwZnVsbCUyMGhvc3RuYW1lJTBBRlVMTF9IT1NUTkFNRSUzRCUyNChob3N0bmFtZSUyMC1mKSUwQSUyMyUyMGlmJTIwJTJGZXRjJTJGaG9zdG5hbWUlMjBpcyUyMG5vdCUyMGVtcHR5JTIwdGhlbiUyMHVzZSUyMHRoZSUyMGhvc3RuYW1lJTIwZnJvbSUyMHRoZXJlJTBBaWYlMjAlNUIlMjAtcyUyMCUyRmV0YyUyRmhvc3RuYW1lJTIwJTVEJTNCJTIwdGhlbiUwQSUyMCUyMCUyMCUyMEZVTExfSE9TVE5BTUUlM0QlMjQoY2F0JTIwJTJGZXRjJTJGaG9zdG5hbWUpJTBBZmklMEElMEElMjMlMjB3cml0ZSUyMHRoZSUyMG5vZGVpcF9lbnYlMjBmaWxlJTBBJTIzJTIwd2UlMjBuZWVkJTIwdGhlJTIwbGluZSUyMGJlbG93JTIwYmVjYXVzZSUyMGZsYXRjYXIlMjBoYXMlMjB0aGUlMjBzYW1lJTIwc3RyaW5nJTIwJTIyY29yZW9zJTIyJTIwaW4lMjB0aGF0JTIwZmlsZSUwQWlmJTIwZ3JlcCUyMC1xJTIwY29yZW9zJTIwJTJGZXRjJTJGb3MtcmVsZWFzZSUwQXRoZW4lMEElMjAlMjBlY2hvJTIwLWUlMjAlMjJLVUJFTEVUX05PREVfSVAlM0QlMjQlN0JERUZBVUxUX0lGQ19JUCU3RCU1Q25LVUJFTEVUX0hPU1ROQU1FJTNEJTI0JTdCRlVMTF9IT1NUTkFNRSU3RCUyMiUyMCUzRSUyMCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZub2RlaXAuY29uZiUwQWVsaWYlMjAlNUIlMjAhJTIwLWQlMjAlMkZldGMlMkZzeXN0ZW1kJTJGc3lzdGVtJTJGa3ViZWxldC5zZXJ2aWNlLmQlMjAlNUQlMEF0aGVuJTBBJTIwJTIwZWNob2RhdGUlMjAlMjJDYW4ndCUyMGZpbmQlMjBrdWJlbGV0JTIwc2VydmljZSUyMGV4dHJhcyUyMGRpcmVjdG9yeSUyMiUwQSUyMCUyMGV4aXQlMjAxJTBBZWxzZSUwQSUyMCUyMGVjaG8lMjAtZSUyMCUyMiU1QlNlcnZpY2UlNUQlNUNuRW52aXJvbm1lbnQlM0QlNUMlMjJLVUJFTEVUX05PREVfSVAlM0QlMjQlN0JERUZBVUxUX0lGQ19JUCU3RCU1QyUyMiU1Q25FbnZpcm9ubWVudCUzRCU1QyUyMktVQkVMRVRfSE9TVE5BTUUlM0QlMjQlN0JGVUxMX0hPU1ROQU1FJTdEJTVDJTIyJTIyJTIwJTNFJTIwJTJGZXRjJTJGc3lzdGVtZCUyRnN5c3RlbSUyRmt1YmVsZXQuc2VydmljZS5kJTJGbm9kZWlwLmNvbmYlMEFmaSUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo3NTV9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL29wdC9iaW4vZG93bmxvYWQuc2giLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlMjMhJTJGdXNyJTJGYmluJTJGZW52JTIwYmFzaCUwQXNldCUyMC14ZXVvJTIwcGlwZWZhaWwlMEElMEFvcHRfYmluJTNEJTJGb3B0JTJGYmluJTBBdXNyX2xvY2FsX2JpbiUzRCUyRnVzciUyRmxvY2FsJTJGYmluJTBBY25pX2Jpbl9kaXIlM0QlMkZvcHQlMkZjbmklMkZiaW4lMEFta2RpciUyMC1wJTIwJTJGZXRjJTJGY25pJTJGbmV0LmQlMjAlMkZldGMlMkZrdWJlcm5ldGVzJTJGbWFuaWZlc3RzJTIwJTIyJTI0b3B0X2JpbiUyMiUyMCUyMiUyNGNuaV9iaW5fZGlyJTIyJTBBbWtkaXIlMjAtcCUyMCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZkeW5hbWljLWNvbmZpZy1kaXIlMEFhcmNoJTNEJTI0JTdCSE9TVF9BUkNILSU3RCUwQWlmJTIwJTVCJTIwLXolMjAlMjIlMjRhcmNoJTIyJTIwJTVEJTBBdGhlbiUwQWNhc2UlMjAlMjQodW5hbWUlMjAtbSklMjBpbiUwQXg4Nl82NCklMEElMjAlMjAlMjAlMjBhcmNoJTNEJTIyYW1kNjQlMjIlMEElMjAlMjAlMjAlMjAlM0IlM0IlMEFhYXJjaDY0KSUwQSUyMCUyMCUyMCUyMGFyY2glM0QlMjJhcm02NCUyMiUwQSUyMCUyMCUyMCUyMCUzQiUzQiUwQSopJTBBJTIwJTIwJTIwJTIwZWNobyUyMCUyMnVuc3VwcG9ydGVkJTIwQ1BVJTIwYXJjaGl0ZWN0dXJlJTJDJTIwZXhpdGluZyUyMiUwQSUyMCUyMCUyMCUyMGV4aXQlMjAxJTBBJTIwJTIwJTIwJTIwJTNCJTNCJTBBZXNhYyUwQWZpJTBBQ05JX1ZFUlNJT04lM0QlMjIlMjQlN0JDTklfVkVSU0lPTiUzQS12MC44LjclN0QlMjIlMEFjbmlfYmFzZV91cmwlM0QlMjJodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZjb250YWluZXJuZXR3b3JraW5nJTJGcGx1Z2lucyUyRnJlbGVhc2VzJTJGZG93bmxvYWQlMkYlMjRDTklfVkVSU0lPTiUyMiUwQWNuaV9maWxlbmFtZSUzRCUyMmNuaS1wbHVnaW5zLWxpbnV4LSUyNGFyY2gtJTI0Q05JX1ZFUlNJT04udGd6JTIyJTBBY3VybCUyMC1MZm8lMjAlMjIlMjRjbmlfYmluX2RpciUyRiUyNGNuaV9maWxlbmFtZSUyMiUyMCUyMiUyNGNuaV9iYXNlX3VybCUyRiUyNGNuaV9maWxlbmFtZSUyMiUwQWNuaV9zdW0lM0QlMjQoY3VybCUyMC1MZiUyMCUyMiUyNGNuaV9iYXNlX3VybCUyRiUyNGNuaV9maWxlbmFtZS5zaGEyNTYlMjIpJTBBY2QlMjAlMjIlMjRjbmlfYmluX2RpciUyMiUwQXNoYTI1NnN1bSUyMC1jJTIwJTNDJTNDJTNDJTIyJTI0Y25pX3N1bSUyMiUwQXRhciUyMHh2ZiUyMCUyMiUyNGNuaV9maWxlbmFtZSUyMiUwQXJtJTIwLWYlMjAlMjIlMjRjbmlfZmlsZW5hbWUlMjIlMEFjZCUyMC0lMEFDUklfVE9PTFNfUkVMRUFTRSUzRCUyMiUyNCU3QkNSSV9UT09MU19SRUxFQVNFJTNBLXYxLjIyLjAlN0QlMjIlMEFjcmlfdG9vbHNfYmFzZV91cmwlM0QlMjJodHRwcyUzQSUyRiUyRmdpdGh1Yi5jb20lMkZrdWJlcm5ldGVzLXNpZ3MlMkZjcmktdG9vbHMlMkZyZWxlYXNlcyUyRmRvd25sb2FkJTJGJTI0JTdCQ1JJX1RPT0xTX1JFTEVBU0UlN0QlMjIlMEFjcmlfdG9vbHNfZmlsZW5hbWUlM0QlMjJjcmljdGwtJTI0JTdCQ1JJX1RPT0xTX1JFTEVBU0UlN0QtbGludXgtJTI0JTdCYXJjaCU3RC50YXIuZ3olMjIlMEFjdXJsJTIwLUxmbyUyMCUyMiUyNG9wdF9iaW4lMkYlMjRjcmlfdG9vbHNfZmlsZW5hbWUlMjIlMjAlMjIlMjRjcmlfdG9vbHNfYmFzZV91cmwlMkYlMjRjcmlfdG9vbHNfZmlsZW5hbWUlMjIlMEFjcmlfdG9vbHNfc3VtJTNEJTI0KGN1cmwlMjAtTGYlMjAlMjIlMjRjcmlfdG9vbHNfYmFzZV91cmwlMkYlMjRjcmlfdG9vbHNfZmlsZW5hbWUuc2hhMjU2JTIyJTIwJTdDJTIwc2VkJTIwJ3MlMkYlNUMqJTVDJTJGJTJGJTJGJyklMEFjZCUyMCUyMiUyNG9wdF9iaW4lMjIlMEFzaGEyNTZzdW0lMjAtYyUyMCUzQyUzQyUzQyUyMiUyNGNyaV90b29sc19zdW0lMjIlMEF0YXIlMjB4dmYlMjAlMjIlMjRjcmlfdG9vbHNfZmlsZW5hbWUlMjIlMEFybSUyMC1mJTIwJTIyJTI0Y3JpX3Rvb2xzX2ZpbGVuYW1lJTIyJTBBbG4lMjAtc2YlMjAlMjIlMjRvcHRfYmluJTJGY3JpY3RsJTIyJTIwJTIyJTI0dXNyX2xvY2FsX2JpbiUyMiUyRmNyaWN0bCUyMCU3QyU3QyUyMGVjaG8lMjAlMjJzeW1ib2xpYyUyMGxpbmslMjBpcyUyMHNraXBwZWQlMjIlMEFjZCUyMC0lMEFLVUJFX1ZFUlNJT04lM0QlMjIlMjQlN0JLVUJFX1ZFUlNJT04lM0EtdjEuMjIuMiU3RCUyMiUwQWt1YmVfZGlyJTNEJTIyJTI0b3B0X2JpbiUyRmt1YmVybmV0ZXMtJTI0S1VCRV9WRVJTSU9OJTIyJTBBa3ViZV9iYXNlX3VybCUzRCUyMmh0dHBzJTNBJTJGJTJGc3RvcmFnZS5nb29nbGVhcGlzLmNvbSUyRmt1YmVybmV0ZXMtcmVsZWFzZSUyRnJlbGVhc2UlMkYlMjRLVUJFX1ZFUlNJT04lMkZiaW4lMkZsaW51eCUyRiUyNGFyY2glMjIlMEFrdWJlX3N1bV9maWxlJTNEJTIyJTI0a3ViZV9kaXIlMkZzaGEyNTYlMjIlMEFta2RpciUyMC1wJTIwJTIyJTI0a3ViZV9kaXIlMjIlMEElM0ElMjAlM0UlMjIlMjRrdWJlX3N1bV9maWxlJTIyJTBBJTBBZm9yJTIwYmluJTIwaW4lMjBrdWJlbGV0JTIwa3ViZWFkbSUyMGt1YmVjdGwlM0IlMjBkbyUwQSUyMCUyMCUyMCUyMGN1cmwlMjAtTGZvJTIwJTIyJTI0a3ViZV9kaXIlMkYlMjRiaW4lMjIlMjAlMjIlMjRrdWJlX2Jhc2VfdXJsJTJGJTI0YmluJTIyJTBBJTIwJTIwJTIwJTIwY2htb2QlMjAlMkJ4JTIwJTIyJTI0a3ViZV9kaXIlMkYlMjRiaW4lMjIlMEElMjAlMjAlMjAlMjBzdW0lM0QlMjQoY3VybCUyMC1MZiUyMCUyMiUyNGt1YmVfYmFzZV91cmwlMkYlMjRiaW4uc2hhMjU2JTIyKSUwQSUyMCUyMCUyMCUyMGVjaG8lMjAlMjIlMjRzdW0lMjAlMjAlMjRrdWJlX2RpciUyRiUyNGJpbiUyMiUyMCUzRSUzRSUyMiUyNGt1YmVfc3VtX2ZpbGUlMjIlMEFkb25lJTBBc2hhMjU2c3VtJTIwLWMlMjAlMjIlMjRrdWJlX3N1bV9maWxlJTIyJTBBJTBBZm9yJTIwYmluJTIwaW4lMjBrdWJlbGV0JTIwa3ViZWFkbSUyMGt1YmVjdGwlM0IlMjBkbyUwQSUyMCUyMCUyMCUyMGxuJTIwLXNmJTIwJTIyJTI0a3ViZV9kaXIlMkYlMjRiaW4lMjIlMjAlMjIlMjRvcHRfYmluJTIyJTJGJTI0YmluJTBBZG9uZSUwQSUwQXN5c3RlbWN0bCUyMGRpc2FibGUlMjBkb3dubG9hZC1zY3JpcHQuc2VydmljZSUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo3NTV9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL29wdC9iaW4vc2V0dXAiLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlMjMhJTJGYmluJTJGYmFzaCUwQXNldCUyMC14ZXVvJTIwcGlwZWZhaWwlMEFjYXQlMjAlM0MlM0MlMjBFT0YlMjAlN0MlMjB0ZWUlMjAlMkZldGMlMkZwb2xraXQtMSUyRnJ1bGVzLmQlMkY2MC1ub3JlYm9vdF9ub3Jlc3RhcnQucnVsZXMlMEFwb2xraXQuYWRkUnVsZShmdW5jdGlvbihhY3Rpb24lMkMlMjBzdWJqZWN0KSUyMCU3QiUwQSUyMCUyMGlmJTIwKGFjdGlvbi5pZCUyMCUzRCUzRCUyMCUyMm9yZy5mcmVlZGVza3RvcC5sb2dpbjEucmVib290JTIyJTIwJTdDJTdDJTBBJTIwJTIwJTIwJTIwJTIwJTIwYWN0aW9uLmlkJTIwJTNEJTNEJTIwJTIyb3JnLmZyZWVkZXNrdG9wLmxvZ2luMS5yZWJvb3QtbXVsdGlwbGUtc2Vzc2lvbnMlMjIpJTIwJTdCJTBBJTIwJTIwJTIwJTIwJTIwJTIwaWYlMjAoc3ViamVjdC51c2VyJTIwJTNEJTNEJTIwJTIyY29yZSUyMiklMjAlN0IlMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjByZXR1cm4lMjBwb2xraXQuUmVzdWx0LllFUyUzQiUwQSUyMCUyMCUyMCUyMCUyMCUyMCU3RCUyMGVsc2UlMjAlN0IlMEElMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjAlMjByZXR1cm4lMjBwb2xraXQuUmVzdWx0LkFVVEhfQURNSU4lM0IlMEElMjAlMjAlMjAlMjAlMjAlMjAlN0QlMEElMjAlMjAlN0QlMEElN0QpJTNCJTBBRU9GJTBBc3lzdGVtY3RsJTIwc3RvcCUyMGNvbnRhaW5lcmQlMEFzeXN0ZW1jdGwlMjBkaXNhYmxlJTIwY29udGFpbmVyZCUwQSUwQXN5c3RlbWN0bCUyMGVuYWJsZSUyMC0tbm93JTIwa3ViZWxldCUwQXN5c3RlbWN0bCUyMGVuYWJsZSUyMC0tbm93JTIwLS1uby1ibG9jayUyMGt1YmVsZXQtaGVhbHRoY2hlY2suc2VydmljZSUwQXN5c3RlbWN0bCUyMGRpc2FibGUlMjBzZXR1cC5zZXJ2aWNlJTBBIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjc1NX0seyJmaWxlc3lzdGVtIjoicm9vdCIsInBhdGgiOiIvZXRjL2t1YmVybmV0ZXMvcGtpL2NhLmNydCIsImNvbnRlbnRzIjp7InNvdXJjZSI6ImRhdGE6LC0tLS0tQkVHSU4lMjBDRVJUSUZJQ0FURS0tLS0tJTBBTUlJRVdqQ0NBMEtnQXdJQkFnSUpBTGZSbFdzSThZUUhNQTBHQ1NxR1NJYjNEUUVCQlFVQU1Ic3hDekFKQmdOViUwQUJBWVRBbFZUTVFzd0NRWURWUVFJRXdKRFFURVdNQlFHQTFVRUJ4TU5VMkZ1SUVaeVlXNWphWE5qYnpFVU1CSUclMEFBMVVFQ2hNTFFuSmhaR1pwZEhwcGJtTXhFakFRQmdOVkJBTVRDV3h2WTJGc2FHOXpkREVkTUJzR0NTcUdTSWIzJTBBRFFFSkFSWU9ZbkpoWkVCa1lXNW5ZUzVqYjIwd0hoY05NVFF3TnpFMU1qQTBOakExV2hjTk1UY3dOVEEwTWpBMCUwQU5qQTFXakI3TVFzd0NRWURWUVFHRXdKVlV6RUxNQWtHQTFVRUNCTUNRMEV4RmpBVUJnTlZCQWNURFZOaGJpQkclMEFjbUZ1WTJselkyOHhGREFTQmdOVkJBb1RDMEp5WVdSbWFYUjZhVzVqTVJJd0VBWURWUVFERXdsc2IyTmhiR2h2JTBBYzNReEhUQWJCZ2txaGtpRzl3MEJDUUVXRG1KeVlXUkFaR0Z1WjJFdVkyOXRNSUlCSWpBTkJna3Foa2lHOXcwQiUwQUFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXQ1ZkFqcDRmVGNla1dVVGZ6c3Awa3lpaDFPWWJzR0wwS1gxZVJiU1MlMEFSOE9kMCUyQjlRNjJIeW55JTJCR0Z3TVRiNEElMkZLVThtc3NvSHZjY2VTQUFid2ZieEZLJTJGJTJCczUxVG9icVVuT1Jack9vVCUwQVpqa1V5Z2J5WERTSzk5WUJiY1IxUGlwOHZ3TVRtNFhLdUx0Q2lnZUJCZGpqQVFkZ1VPMjhMRU5HbHNNbm1lWWslMEFKZk9EVkduVm1yNUx0YjlBTkE4SUt5VGZzbkhKNGlPQ1MlMkZQbFBiVWoycTdZbm9WTHBvc1VCTWxnVWIlMkZDeWtYMyUwQW1Pb0xiNHlKSlF5QSUyRmlTVDZaeGlJRWozNkQ0eVdaNWxnN1lKbCUyQlVpaUJRSEdDblBkR3lpcHFWMDZleDBoZVlXJTBBY2FpVzhMV1pTVVE5M2pRJTJCV1ZDSDhoVDdEUU8xZG1zdlVtWGxxJTJGSmVBbHdRJTJGUUlEQVFBQm80SGdNSUhkTUIwRyUwQUExVWREZ1FXQkJSY0FST3RoUzRQNFU3dlRmakJ5QzU2OVI3RTZEQ0JyUVlEVlIwakJJR2xNSUdpZ0JSY0FST3QlMEFoUzRQNFU3dlRmakJ5QzU2OVI3RTZLRiUyRnBIMHdlekVMTUFrR0ExVUVCaE1DVlZNeEN6QUpCZ05WQkFnVEFrTkIlMEFNUll3RkFZRFZRUUhFdzFUWVc0Z1JuSmhibU5wYzJOdk1SUXdFZ1lEVlFRS0V3dENjbUZrWm1sMGVtbHVZekVTJTBBTUJBR0ExVUVBeE1KYkc5allXeG9iM04wTVIwd0d3WUpLb1pJaHZjTkFRa0JGZzVpY21Ga1FHUmhibWRoTG1OdiUwQWJZSUpBTGZSbFdzSThZUUhNQXdHQTFVZEV3UUZNQU1CQWY4d0RRWUpLb1pJaHZjTkFRRUZCUUFEZ2dFQkFHNmglMEFVOWY5c05IMCUyRjZvQmJHR3kyRVZVMFVnSVRVUUlyRldvOXJGa3JXNWslMkZYa0RqUW0lMkIzbHpqVDBpR1I0SXhFJTJGQW8lMEFlVTZzUWh1YTd3cldlRkVuNDdHTDk4bG5Dc0pkRDdvWk5oRm1ROTVUYiUyRkxuRFVqczVZajliclAwTld6WGZZVTQlMEFVSzJabklOSlJjSnBCOGlSQ2FDeEU4RGRjVUYwWHFJRXE2cEEyNzJzbm9MbWlYTE12Tmwza1lFZG0lMkJqZTZ2b0QlMEE1OFNOVkVVc3p0elF5WG1KRWhDcHdWSTBBNlFDanpYaiUyQnF2cG13M1paSGk4SndYZWk4WlpCTFRTRkJraThaN24lMEFzSDlCQkgzOCUyRlN6VW1BTjRRSFNQeTFnanFtMDBPQUU4TmFZRGtoJTJGYnpFNGQ3bUxHR01XcCUyRldFM0tQU3U4MkhGJTBBa1BlNlhvU2JpTG0lMkZreGszMlQwJTNEJTBBLS0tLS1FTkQlMjBDRVJUSUZJQ0FURS0tLS0tJTBBIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjY0NH0seyJmaWxlc3lzdGVtIjoicm9vdCIsInBhdGgiOiIvZXRjL2t1YmVybmV0ZXMvYm9vdHN0cmFwLWt1YmVsZXQuY29uZiIsImNvbnRlbnRzIjp7InNvdXJjZSI6ImRhdGE6LGFwaVZlcnNpb24lM0ElMjB2MSUwQWNsdXN0ZXJzJTNBJTBBLSUyMGNsdXN0ZXIlM0ElMEElMjAlMjAlMjAlMjBjZXJ0aWZpY2F0ZS1hdXRob3JpdHktZGF0YSUzQSUyMExTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVJIUkVORFFXZERaMEYzU1VKQlowbENRVVJCVGtKbmEzRm9hMmxIT1hjd1FrRlJjMFpCUkVFNVRWUnpkMDlSV1VSV1VWRkVSWHBLZVdJeU9UQUtURmRPYUV4dVVUTmpWM1I0WlVSV2VHUkROV3hrV0VwMlkwZFZkR1F5Vm5wa1JFMTBXWGsxYTFwWVdYVmhNMVpwV2xoS2RGbFlVbkJaZVRWd1lucEJaUXBHZHpCNFQwUkJlVTFFUlhoTmVsVXlUVVJvWVVaM01IbFBSRUY0VFhwQmVFMTZWVEpOUkdoaFRVUXdlRTk2UVRWQ1owNVdRa0ZOVkUxdVNuWmlNMUYwQ2xreVJYVmtSR1I0WVROR05FNVlSakJNYlZZeFkyMDVkMXBUTVROYVdFNHdUWGt4YWt4dFVteGthVFZ5WkZkS2JHTnRNV2hrUjJ4cVRHMXNkazFKU1VJS1NXcEJUa0puYTNGb2EybEhPWGN3UWtGUlJVWkJRVTlEUVZFNFFVMUpTVUpEWjB0RFFWRkZRWEEyU0RaV05UWmlXVWgyUTJWNlRHdHlaa2w2VFRneFlncHBiemN2V21GM0wweExSWGN3WlVZclRFMTJORVVyTDFFdlprWm9jMGhESzIxb1pVeG5NVWhYVlZCR1VGSnJORkJST0RWdFFTODBkR3BwYldwVFVFWkVDbXMyVTBsdGVrdEdURmxSWjNkRFoyZHBWemhPTW1oUEt6bDZja0pWUVV4S1JrZENOalJ2VDJOaVFtbzJSWEl2SzA1c1VFZEpNMUpTVjFka2FVVlVWMFlLVjFsRE5HcG1TbXBpUmpWUVlubDVXRWh1YzBkbWRGTk9XVnBDVERjeFZ6ZG9PV3BNVjNCNVZWZExURFphV1VGT2QwUlBUakpTWW5BM2RIQjFkekJZTmdwcmF5c3dRVlozVm5wck16QXJUVTU2YldZMU1IRjNLMjg0TVRoaVpreFZSR3RoVGsxbVRGTTJTVEIzVVcwM1VrZG5LMDFuVmxKRWVUTkRkVmx4WmtsWENsa3llbmcyWXpkUWNYcEdjMVpXWmtseVlUQmlNSEZoZEU1c01WaElhamgwSzBkT2NXUmlhVEl2UmxGcVEzaHBiRlJPZFc1MFZETjJlVEpsVDBoUlNVUUtRVkZCUW05NVRYZEpWRUZQUW1kT1ZraFJPRUpCWmpoRlFrRk5RMEZ4VVhkRWQxbEVWbEl3VkVGUlNDOUNRVlYzUVhkRlFpOTZRVTVDWjJ0eGFHdHBSd281ZHpCQ1FWRnpSa0ZCVDBOQlVVVkJTVzFGYmtsWVZqTkVlVzFEY1RseFVEZHdLM1ZLTlRWMVpsaGthMUl5WjJoRVZWbHlWRlJqVUhkcVVqSnFWRWhoQ21sYVFTdG5PRzQyVVhKVmIwTkVObk42Unl0c2FHRnNOMmhRTm5oa1YzVlNhbGhHU0U4M1lrNTJOak5KY1VWSGVsSkVaM2MxWjNkamNWVlVXa1YyZDJjS1oyMTZOelU1ZHk5aFJtWXhWakV5YURGaFpsQnRRVGxGUnpWT1pFaDRjM2c1UVd4SUswWTJkSGx6Y0hCWGFGVTRXRVZSVlVGTFExQnFibmRWYlVzMGNBbzNaM1pVV25JeWVubzBibmRvV204elREZzVNRE54Y0hSamNURnNXalJQV1hORWIxaHZiREYxZW1GUlNEZ3llSGwzWlZOTFEwdFljRTlpYVhwbE5Wb3dDbmR3Ym1wa1JIVklPRGQ0TkhJMFRHcE5XbkIxTTNaWU5reHFRa1JOVUZkclNFaFFUalZCYVcweFNreDBOeTlTVEZCblZIUnFjMHBOY2xSQlV6ZG9aMW9LWmt0TVREbFJUVkZzTm5NeGNraEtORXRyTDJVM1MwYzRTRUUwYUVWT1JXaHJPVmxFWmxFOVBRb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnJTNEJTNEJTBBJTIwJTIwJTIwJTIwc2VydmVyJTNBJTIwaHR0cHMlM0ElMkYlMkZmb28uYmFyJTNBNjQ0MyUwQSUyMCUyMG5hbWUlM0ElMjBjJTBBY29udGV4dHMlM0ElMEEtJTIwY29udGV4dCUzQSUwQSUyMCUyMCUyMCUyMGNsdXN0ZXIlM0ElMjBjJTBBJTIwJTIwJTIwJTIwdXNlciUzQSUyMGMlMEElMjAlMjBuYW1lJTNBJTIwYyUwQWN1cnJlbnQtY29udGV4dCUzQSUyMGMlMEFraW5kJTNBJTIwQ29uZmlnJTBBcHJlZmVyZW5jZXMlM0ElMjAlN0IlN0QlMEF1c2VycyUzQSUwQS0lMjBuYW1lJTNBJTIwYyUwQSUyMCUyMHVzZXIlM0ElMEElMjAlMjAlMjAlMjB0b2tlbiUzQSUyMHRlc3QudGVzdCUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo2NDR9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9zeXN0ZW1kL3N5c3RlbS9rdWJlbGV0LnNlcnZpY2UiLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlNUJVbml0JTVEJTBBQWZ0ZXIlM0Rkb2NrZXIuc2VydmljZSUwQVJlcXVpcmVzJTNEZG9ja2VyLnNlcnZpY2UlMEElMEFEZXNjcmlwdGlvbiUzRGt1YmVsZXQlM0ElMjBUaGUlMjBLdWJlcm5ldGVzJTIwTm9kZSUyMEFnZW50JTBBRG9jdW1lbnRhdGlvbiUzRGh0dHBzJTNBJTJGJTJGa3ViZXJuZXRlcy5pbyUyRmRvY3MlMkZob21lJTJGJTBBJTBBJTVCU2VydmljZSU1RCUwQVVzZXIlM0Ryb290JTBBUmVzdGFydCUzRGFsd2F5cyUwQVN0YXJ0TGltaXRJbnRlcnZhbCUzRDAlMEFSZXN0YXJ0U2VjJTNEMTAlMEFDUFVBY2NvdW50aW5nJTNEdHJ1ZSUwQU1lbW9yeUFjY291bnRpbmclM0R0cnVlJTBBJTBBRW52aXJvbm1lbnQlM0QlMjJQQVRIJTNEJTJGb3B0JTJGYmluJTNBJTJGYmluJTNBJTJGdXNyJTJGbG9jYWwlMkZzYmluJTNBJTJGdXNyJTJGbG9jYWwlMkZiaW4lM0ElMkZ1c3IlMkZzYmluJTNBJTJGdXNyJTJGYmluJTNBJTJGc2JpbiUyRiUyMiUwQUVudmlyb25tZW50RmlsZSUzRC0lMkZldGMlMkZlbnZpcm9ubWVudCUwQUVudmlyb25tZW50RmlsZSUzRCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZub2RlaXAuY29uZiUwQSUwQUV4ZWNTdGFydFByZSUzRCUyRmJpbiUyRmJhc2glMjAlMkZvcHQlMkZsb2FkLWtlcm5lbC1tb2R1bGVzLnNoJTBBRXhlY1N0YXJ0UHJlJTNEJTJGYmluJTJGYmFzaCUyMCUyRm9wdCUyRmJpbiUyRnNldHVwX25ldF9lbnYuc2glMEFFeGVjU3RhcnQlM0QlMkZvcHQlMkZiaW4lMkZrdWJlbGV0JTIwJTI0S1VCRUxFVF9FWFRSQV9BUkdTJTIwJTVDJTBBJTIwJTIwLS1ib290c3RyYXAta3ViZWNvbmZpZyUzRCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZib290c3RyYXAta3ViZWxldC5jb25mJTIwJTVDJTBBJTIwJTIwLS1rdWJlY29uZmlnJTNEJTJGdmFyJTJGbGliJTJGa3ViZWxldCUyRmt1YmVjb25maWclMjAlNUMlMEElMjAlMjAtLWNvbmZpZyUzRCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZrdWJlbGV0LmNvbmYlMjAlNUMlMEElMjAlMjAtLW5ldHdvcmstcGx1Z2luJTNEY25pJTIwJTVDJTBBJTIwJTIwLS1jZXJ0LWRpciUzRCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZwa2klMjAlNUMlMEElMjAlMjAtLWNsb3VkLXByb3ZpZGVyJTNEYXdzJTIwJTVDJTBBJTIwJTIwLS1jbG91ZC1jb25maWclM0QlMkZldGMlMkZrdWJlcm5ldGVzJTJGY2xvdWQtY29uZmlnJTIwJTVDJTBBJTIwJTIwLS1keW5hbWljLWNvbmZpZy1kaXIlM0QlMkZldGMlMkZrdWJlcm5ldGVzJTJGZHluYW1pYy1jb25maWctZGlyJTIwJTVDJTBBJTIwJTIwLS1mZWF0dXJlLWdhdGVzJTNERHluYW1pY0t1YmVsZXRDb25maWclM0R0cnVlJTIwJTVDJTBBJTIwJTIwLS1leGl0LW9uLWxvY2stY29udGVudGlvbiUyMCU1QyUwQSUyMCUyMC0tbG9jay1maWxlJTNEJTJGdG1wJTJGa3ViZWxldC5sb2NrJTIwJTVDJTBBJTIwJTIwLS1jb250YWluZXItcnVudGltZSUzRGRvY2tlciUyMCU1QyUwQSUyMCUyMC0tY29udGFpbmVyLXJ1bnRpbWUtZW5kcG9pbnQlM0R1bml4JTNBJTJGJTJGJTJGdmFyJTJGcnVuJTJGZG9ja2Vyc2hpbS5zb2NrJTIwJTVDJTBBJTIwJTIwLS1ub2RlLWlwJTIwJTI0JTdCS1VCRUxFVF9OT0RFX0lQJTdEJTBBJTBBJTVCSW5zdGFsbCU1RCUwQVdhbnRlZEJ5JTNEbXVsdGktdXNlci50YXJnZXQlMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NjQ0fSx7ImZpbGVzeXN0ZW0iOiJyb290IiwicGF0aCI6Ii9ldGMva3ViZXJuZXRlcy9jbG91ZC1jb25maWciLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlNUJnbG9iYWwlNUQlMEFab25lJTNEJTIyZXUtY2VudHJhbC0xYiUyMiUwQVZQQyUzRCUyMmUtMTIzZiUyMiUwQVN1Ym5ldElEJTNEJTIydGVzdC1zdWJuZXQlMjIlMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NDAwfSx7ImZpbGVzeXN0ZW0iOiJyb290IiwicGF0aCI6Ii9ldGMva3ViZXJuZXRlcy9rdWJlbGV0LmNvbmYiLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOixhcGlWZXJzaW9uJTNBJTIwa3ViZWxldC5jb25maWcuazhzLmlvJTJGdjFiZXRhMSUwQWtpbmQlM0ElMjBLdWJlbGV0Q29uZmlndXJhdGlvbiUwQWF1dGhlbnRpY2F0aW9uJTNBJTBBJTIwJTIwYW5vbnltb3VzJTNBJTBBJTIwJTIwJTIwJTIwZW5hYmxlZCUzQSUyMGZhbHNlJTBBJTIwJTIwd2ViaG9vayUzQSUwQSUyMCUyMCUyMCUyMGVuYWJsZWQlM0ElMjB0cnVlJTBBJTIwJTIweDUwOSUzQSUwQSUyMCUyMCUyMCUyMGNsaWVudENBRmlsZSUzQSUyMCUyRmV0YyUyRmt1YmVybmV0ZXMlMkZwa2klMkZjYS5jcnQlMEFhdXRob3JpemF0aW9uJTNBJTBBJTIwJTIwbW9kZSUzQSUyMFdlYmhvb2slMEFjZ3JvdXBEcml2ZXIlM0ElMjBzeXN0ZW1kJTBBY2x1c3RlckROUyUzQSUwQS0lMjAlMjIxMC4wLjAuMCUyMiUwQWNsdXN0ZXJEb21haW4lM0ElMjBjbHVzdGVyLmxvY2FsJTBBZmVhdHVyZUdhdGVzJTNBJTBBJTIwJTIwR3JhY2VmdWxOb2RlU2h1dGRvd24lM0ElMjB0cnVlJTBBJTIwJTIwSWRlbnRpZnlQb2RPUyUzQSUyMGZhbHNlJTBBcHJvdGVjdEtlcm5lbERlZmF1bHRzJTNBJTIwdHJ1ZSUwQXJlYWRPbmx5UG9ydCUzQSUyMDAlMEFyb3RhdGVDZXJ0aWZpY2F0ZXMlM0ElMjB0cnVlJTBBc2VydmVyVExTQm9vdHN0cmFwJTNBJTIwdHJ1ZSUwQXN0YXRpY1BvZFBhdGglM0ElMjAlMkZldGMlMkZrdWJlcm5ldGVzJTJGbWFuaWZlc3RzJTBBa3ViZVJlc2VydmVkJTNBJTBBJTIwJTIwY3B1JTNBJTIwMjAwbSUwQSUyMCUyMGVwaGVtZXJhbC1zdG9yYWdlJTNBJTIwMUdpJTBBJTIwJTIwbWVtb3J5JTNBJTIwMjAwTWklMEFzeXN0ZW1SZXNlcnZlZCUzQSUwQSUyMCUyMGNwdSUzQSUyMDIwMG0lMEElMjAlMjBlcGhlbWVyYWwtc3RvcmFnZSUzQSUyMDFHaSUwQSUyMCUyMG1lbW9yeSUzQSUyMDIwME1pJTBBZXZpY3Rpb25IYXJkJTNBJTBBJTIwJTIwaW1hZ2Vmcy5hdmFpbGFibGUlM0ElMjAxNSUyNSUwQSUyMCUyMG1lbW9yeS5hdmFpbGFibGUlM0ElMjAxMDBNaSUwQSUyMCUyMG5vZGVmcy5hdmFpbGFibGUlM0ElMjAxMCUyNSUwQSUyMCUyMG5vZGVmcy5pbm9kZXNGcmVlJTNBJTIwNSUyNSUwQXRsc0NpcGhlclN1aXRlcyUzQSUwQS0lMjBUTFNfQUVTXzEyOF9HQ01fU0hBMjU2JTBBLSUyMFRMU19BRVNfMjU2X0dDTV9TSEEzODQlMEEtJTIwVExTX0NIQUNIQTIwX1BPTFkxMzA1X1NIQTI1NiUwQS0lMjBUTFNfRUNESEVfRUNEU0FfV0lUSF9BRVNfMTI4X0dDTV9TSEEyNTYlMEEtJTIwVExTX0VDREhFX0VDRFNBX1dJVEhfQUVTXzI1Nl9HQ01fU0hBMzg0JTBBLSUyMFRMU19FQ0RIRV9FQ0RTQV9XSVRIX0NIQUNIQTIwX1BPTFkxMzA1JTBBLSUyMFRMU19FQ0RIRV9SU0FfV0lUSF9BRVNfMTI4X0dDTV9TSEEyNTYlMEEtJTIwVExTX0VDREhFX1JTQV9XSVRIX0FFU18yNTZfR0NNX1NIQTM4NCUwQS0lMjBUTFNfRUNESEVfUlNBX1dJVEhfQ0hBQ0hBMjBfUE9MWTEzMDUlMEF2b2x1bWVQbHVnaW5EaXIlM0ElMjAlMkZ2YXIlMkZsaWIlMkZrdWJlbGV0JTJGdm9sdW1lcGx1Z2lucyUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo2NDR9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9zeXN0ZW1kL3N5c3RlbS9rdWJlbGV0LWhlYWx0aGNoZWNrLnNlcnZpY2UiLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwlNUJVbml0JTVEJTBBUmVxdWlyZXMlM0RrdWJlbGV0LnNlcnZpY2UlMEFBZnRlciUzRGt1YmVsZXQuc2VydmljZSUwQSUwQSU1QlNlcnZpY2UlNUQlMEFFeGVjU3RhcnQlM0QlMkZvcHQlMkZiaW4lMkZoZWFsdGgtbW9uaXRvci5zaCUyMGt1YmVsZXQlMEElMEElNUJJbnN0YWxsJTVEJTBBV2FudGVkQnklM0RtdWx0aS11c2VyLnRhcmdldCUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo2NDR9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL3Byb2Mvc3lzL2tlcm5lbC9wYW5pY19vbl9vb3BzIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosMSUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo2NDR9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL3Byb2Mvc3lzL2tlcm5lbC9wYW5pYyIsImNvbnRlbnRzIjp7InNvdXJjZSI6ImRhdGE6LDEwJTBBIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjY0NH0seyJmaWxlc3lzdGVtIjoicm9vdCIsInBhdGgiOiIvcHJvYy9zeXMvdm0vb3ZlcmNvbW1pdF9tZW1vcnkiLCJjb250ZW50cyI6eyJzb3VyY2UiOiJkYXRhOiwxJTBBIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjY0NH0seyJmaWxlc3lzdGVtIjoicm9vdCIsInBhdGgiOiIvZXRjL3NzaC9zc2hkX2NvbmZpZyIsImNvbnRlbnRzIjp7InNvdXJjZSI6ImRhdGE6LCUyMyUyMFVzZSUyMG1vc3QlMjBkZWZhdWx0cyUyMGZvciUyMHNzaGQlMjBjb25maWd1cmF0aW9uLiUwQVN1YnN5c3RlbSUyMHNmdHAlMjBpbnRlcm5hbC1zZnRwJTBBQ2xpZW50QWxpdmVJbnRlcnZhbCUyMDE4MCUwQVVzZUROUyUyMG5vJTBBVXNlUEFNJTIweWVzJTBBUHJpbnRMYXN0TG9nJTIwbm8lMjAlMjMlMjBoYW5kbGVkJTIwYnklMjBQQU0lMEFQcmludE1vdGQlMjBubyUyMCUyMyUyMGhhbmRsZWQlMjBieSUyMFBBTSUwQVBhc3N3b3JkQXV0aGVudGljYXRpb24lMjBubyUwQUNoYWxsZW5nZVJlc3BvbnNlQXV0aGVudGljYXRpb24lMjBubyUwQSIsInZlcmlmaWNhdGlvbiI6e319LCJtb2RlIjo2MDB9LHsiZmlsZXN5c3RlbSI6InJvb3QiLCJwYXRoIjoiL2V0Yy9zeXN0ZW1kL3N5c3RlbS9jb250YWluZXJkLnNlcnZpY2UuZC9lbnZpcm9ubWVudC5jb25mIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosJTVCU2VydmljZSU1RCUwQVJlc3RhcnQlM0RhbHdheXMlMEFFbnZpcm9ubWVudEZpbGUlM0QtJTJGZXRjJTJGZW52aXJvbm1lbnQlMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NjQ0fSx7ImZpbGVzeXN0ZW0iOiJyb290IiwicGF0aCI6Ii9ldGMvc3lzdGVtZC9zeXN0ZW0vZG9ja2VyLnNlcnZpY2UuZC9lbnZpcm9ubWVudC5jb25mIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosJTVCU2VydmljZSU1RCUwQVJlc3RhcnQlM0RhbHdheXMlMEFFbnZpcm9ubWVudEZpbGUlM0QtJTJGZXRjJTJGZW52aXJvbm1lbnQlMEEiLCJ2ZXJpZmljYXRpb24iOnt9fSwibW9kZSI6NjQ0fSx7ImZpbGVzeXN0ZW0iOiJyb290IiwicGF0aCI6Ii9ldGMvZG9ja2VyL2RhZW1vbi5qc29uIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosJTdCJTIyZXhlYy1vcHRzJTIyJTNBJTVCJTIybmF0aXZlLmNncm91cGRyaXZlciUzRHN5c3RlbWQlMjIlNUQlMkMlMjJzdG9yYWdlLWRyaXZlciUyMiUzQSUyMm92ZXJsYXkyJTIyJTJDJTIybG9nLWRyaXZlciUyMiUzQSUyMmpzb24tZmlsZSUyMiUyQyUyMmxvZy1vcHRzJTIyJTNBJTdCJTIybWF4LWZpbGUlMjIlM0ElMjI1JTIyJTJDJTIybWF4LXNpemUlMjIlM0ElMjIxMDBtJTIyJTdEJTJDJTIyaW5zZWN1cmUtcmVnaXN0cmllcyUyMiUzQSU1QiUyMjE5Mi4xNjguMTAwLjEwMCUzQTUwMDAlMjIlMkMlMjIxMC4wLjAuMSUzQTUwMDAlMjIlNUQlMkMlMjJyZWdpc3RyeS1taXJyb3JzJTIyJTNBJTVCJTIyaHR0cHMlM0ElMkYlMkZyZWdpc3RyeS5kb2NrZXItY24uY29tJTIyJTVEJTdEJTBBIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjY0NH0seyJmaWxlc3lzdGVtIjoicm9vdCIsInBhdGgiOiIvcm9vdC8uZG9ja2VyL2NvbmZpZy5qc29uIiwiY29udGVudHMiOnsic291cmNlIjoiZGF0YTosIiwidmVyaWZpY2F0aW9uIjp7fX0sIm1vZGUiOjYwMH1dfSwic3lzdGVtZCI6eyJ1bml0cyI6W3siY29udGVudHMiOiJbSW5zdGFsbF1cbldhbnRlZEJ5PW11bHRpLXVzZXIudGFyZ2V0XG5cbltVbml0XVxuUmVxdWlyZXM9ZG93bmxvYWQtc2NyaXB0LnNlcnZpY2VcblJlcXVpcmVzPW5vZGVpcC5zZXJ2aWNlXG5BZnRlcj1kb3dubG9hZC1zY3JpcHQuc2VydmljZVxuQWZ0ZXI9bm9kZWlwLnNlcnZpY2VcblxuW1NlcnZpY2VdXG5UeXBlPW9uZXNob3RcblJlbWFpbkFmdGVyRXhpdD10cnVlXG5FbnZpcm9ubWVudEZpbGU9LS9ldGMvZW52aXJvbm1lbnRcbkV4ZWNTdGFydD0vb3B0L2Jpbi9zZXR1cFxuIiwiZW5hYmxlZCI6dHJ1ZSwibmFtZSI6InNldHVwLnNlcnZpY2UifSx7ImNvbnRlbnRzIjoiW0luc3RhbGxdXG5XYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldFxuXG5bVW5pdF1cblJlcXVpcmVzPW5ldHdvcmstb25saW5lLnRhcmdldFxuQWZ0ZXI9bmV0d29yay1vbmxpbmUudGFyZ2V0XG5cbltTZXJ2aWNlXVxuVHlwZT1vbmVzaG90XG5SZW1haW5BZnRlckV4aXQ9dHJ1ZVxuRW52aXJvbm1lbnRGaWxlPS0vZXRjL2Vudmlyb25tZW50XG5FeGVjU3RhcnQ9L29wdC9iaW4vZG93bmxvYWQuc2hcbiIsImVuYWJsZWQiOnRydWUsIm5hbWUiOiJkb3dubG9hZC1zY3JpcHQuc2VydmljZSJ9LHsiY29udGVudHMiOiJbVW5pdF1cbkRlc2NyaXB0aW9uPVNldHVwIEt1YmVsZXQgTm9kZSBJUCBFbnZcblJlcXVpcmVzPW5ldHdvcmstb25saW5lLnRhcmdldFxuQWZ0ZXI9bmV0d29yay1vbmxpbmUudGFyZ2V0XG5cbltTZXJ2aWNlXVxuRXhlY1N0YXJ0PS9vcHQvYmluL3NldHVwX25ldF9lbnYuc2hcblJlbWFpbkFmdGVyRXhpdD15ZXNcblR5cGU9b25lc2hvdFxuW0luc3RhbGxdXG5XYW50ZWRCeT1tdWx0aS11c2VyLnRhcmdldFxuIiwiZW5hYmxlZCI6dHJ1ZSwibmFtZSI6Im5vZGVpcC5zZXJ2aWNlIn1dfX0= +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: flatcar-aws-docker-kube-system-provisioning-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-kubelet-configuration-containerd-bootstrap.yaml b/pkg/controllers/osc/testdata/secret-kubelet-configuration-containerd-bootstrap.yaml index e69de29b..948cd44f 100644 --- a/pkg/controllers/osc/testdata/secret-kubelet-configuration-containerd-bootstrap.yaml +++ b/pkg/controllers/osc/testdata/secret-kubelet-configuration-containerd-bootstrap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiBubwpzc2hfYXV0aG9yaXplZF9rZXlzOgotICdzc2gtcnNhIEFBQUFCM056YUMxeWMyRUFBQUFEQVFBQkFBQUNBUURkT0loWW16Q0s1RFNWTHUzYycKd3JpdGVfZmlsZXM6Ci0gcGF0aDogJy9vcHQvYmluL2Jvb3RzdHJhcCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZZbWx1TDJKaGMyZ0tjMlYwSUMxNFpYVnZJSEJwY0dWbVlXbHNDZ3BsZUhCdmNuUWdSRVZDU1VGT1gwWlNUMDVVUlU1RVBXNXZibWx1ZEdWeVlXTjBhWFpsQ21Gd2RDQjFjR1JoZEdVZ0ppWWdZWEIwSUdsdWMzUmhiR3dnTFhrZ1kzVnliQ0JxY1FwamRYSnNJQzF6SUMxcklDMTJJQzB0YUdWaFpHVnlJQ2RCZFhSb2IzSnBlbUYwYVc5dU9pQkNaV0Z5WlhJZ2RHOXdMWE5sWTNKbGRDY0phSFIwY0hNNkx5OW1iMjh1WW1GeU9qWTBORE12WVhCcEwzWXhMMjVoYldWemNHRmpaWE12WTJ4dmRXUXRhVzVwZEMxelpYUjBhVzVuY3k5elpXTnlaWFJ6TDJ0MVltVnNaWFF0WTI5dVptbG5kWEpoZEdsdmJpMXJkV0psTFhONWMzUmxiUzF3Y205MmFYTnBiMjVwYm1jdFkyOXVabWxuSUh3Z2FuRWdKeTVrWVhSaFd5SmpiRzkxWkMxamIyNW1hV2NpWFNjZ0xYSjhJR0poYzJVMk5DQXRaQ0ErSUM5bGRHTXZZMnh2ZFdRdlkyeHZkV1F1WTJabkxtUXZhM1ZpWld4bGRDMWpiMjVtYVdkMWNtRjBhVzl1TFd0MVltVXRjM2x6ZEdWdExYQnliM1pwYzJsdmJtbHVaeTFqYjI1bWFXY3VZMlpuQ21Oc2IzVmtMV2x1YVhRZ1kyeGxZVzRLWTJ4dmRXUXRhVzVwZENBdExXWnBiR1VnTDJWMFl5OWpiRzkxWkM5amJHOTFaQzVqWm1jdVpDOXJkV0psYkdWMExXTnZibVpwWjNWeVlYUnBiMjR0YTNWaVpTMXplWE4wWlcwdGNISnZkbWx6YVc5dWFXNW5MV052Ym1acFp5NWpabWNnYVc1cGRBcHplWE4wWlcxamRHd2daR0ZsYlc5dUxYSmxiRzloWkFvS2MzbHpkR1Z0WTNSc0lISmxjM1JoY25RZ2MyVjBkWEF1YzJWeWRtbGpaUW89CgotIHBhdGg6ICcvZXRjL3N5c3RlbWQvc3lzdGVtL2Jvb3RzdHJhcC5zZXJ2aWNlJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdlltbHVMMkpoYzJnS1cwbHVjM1JoYkd4ZENsZGhiblJsWkVKNVBXMTFiSFJwTFhWelpYSXVkR0Z5WjJWMENncGJWVzVwZEYwS1VtVnhkV2x5WlhNOWJtVjBkMjl5YXkxdmJteHBibVV1ZEdGeVoyVjBDa0ZtZEdWeVBXNWxkSGR2Y21zdGIyNXNhVzVsTG5SaGNtZGxkQXBiVTJWeWRtbGpaVjBLVkhsd1pUMXZibVZ6YUc5MENsSmxiV0ZwYmtGbWRHVnlSWGhwZEQxMGNuVmxDa1Y0WldOVGRHRnlkRDB2YjNCMEwySnBiaTlpYjI5MGMzUnlZWEFLCgpydW5jbWQ6Ci0gc3lzdGVtY3RsIHJlc3RhcnQgYm9vdHN0cmFwLnNlcnZpY2UKLSBzeXN0ZW1jdGwgZGFlbW9uLXJlbG9hZAo= +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: kubelet-configuration-kube-system-bootstrap-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-kubelet-configuration-containerd-provisioning.yaml b/pkg/controllers/osc/testdata/secret-kubelet-configuration-containerd-provisioning.yaml index e69de29b..60264f31 100644 --- a/pkg/controllers/osc/testdata/secret-kubelet-configuration-containerd-provisioning.yaml +++ b/pkg/controllers/osc/testdata/secret-kubelet-configuration-containerd-provisioning.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiBubwpzc2hfYXV0aG9yaXplZF9rZXlzOgotICdzc2gtcnNhIEFBQUFCM056YUMxeWMyRUFBQUFEQVFBQkFBQUNBUURkT0loWW16Q0s1RFNWTHUzYycKd3JpdGVfZmlsZXM6Ci0gcGF0aDogJy9vcHQvYmluL2hlYWx0aC1tb25pdG9yLnNoJwogIHBlcm1pc3Npb25zOiAnMDc1NScKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdmRYTnlMMkpwYmk5bGJuWWdZbUZ6YUFvS0l5QkRiM0I1Y21sbmFIUWdNakF4TmlCVWFHVWdTM1ZpWlhKdVpYUmxjeUJCZFhSb2IzSnpMZ29qQ2lNZ1RHbGpaVzV6WldRZ2RXNWtaWElnZEdobElFRndZV05vWlNCTWFXTmxibk5sTENCV1pYSnphVzl1SURJdU1DQW9kR2hsSUNKTWFXTmxibk5sSWlrN0NpTWdlVzkxSUcxaGVTQnViM1FnZFhObElIUm9hWE1nWm1sc1pTQmxlR05sY0hRZ2FXNGdZMjl0Y0d4cFlXNWpaU0IzYVhSb0lIUm9aU0JNYVdObGJuTmxMZ29qSUZsdmRTQnRZWGtnYjJKMFlXbHVJR0VnWTI5d2VTQnZaaUIwYUdVZ1RHbGpaVzV6WlNCaGRBb2pDaU1nSUNBZ0lHaDBkSEE2THk5M2QzY3VZWEJoWTJobExtOXlaeTlzYVdObGJuTmxjeTlNU1VORlRsTkZMVEl1TUFvakNpTWdWVzVzWlhOeklISmxjWFZwY21Wa0lHSjVJR0Z3Y0d4cFkyRmliR1VnYkdGM0lHOXlJR0ZuY21WbFpDQjBieUJwYmlCM2NtbDBhVzVuTENCemIyWjBkMkZ5WlFvaklHUnBjM1J5YVdKMWRHVmtJSFZ1WkdWeUlIUm9aU0JNYVdObGJuTmxJR2x6SUdScGMzUnlhV0oxZEdWa0lHOXVJR0Z1SUNKQlV5QkpVeUlnUWtGVFNWTXNDaU1nVjBsVVNFOVZWQ0JYUVZKU1FVNVVTVVZUSUU5U0lFTlBUa1JKVkVsUFRsTWdUMFlnUVU1WklFdEpUa1FzSUdWcGRHaGxjaUJsZUhCeVpYTnpJRzl5SUdsdGNHeHBaV1F1Q2lNZ1UyVmxJSFJvWlNCTWFXTmxibk5sSUdadmNpQjBhR1VnYzNCbFkybG1hV01nYkdGdVozVmhaMlVnWjI5MlpYSnVhVzVuSUhCbGNtMXBjM05wYjI1eklHRnVaQW9qSUd4cGJXbDBZWFJwYjI1eklIVnVaR1Z5SUhSb1pTQk1hV05sYm5ObExnb0tJeUJVYUdseklITmpjbWx3ZENCcGN5Qm1iM0lnYldGemRHVnlJR0Z1WkNCdWIyUmxJR2x1YzNSaGJtTmxJR2hsWVd4MGFDQnRiMjVwZEc5eWFXNW5MQ0IzYUdsamFDQnBjd29qSUhCaFkydGxaQ0JwYmlCcmRXSmxMVzFoYm1sbVpYTjBJSFJoY21KaGJHd3VJRWwwSUdseklHVjRaV04xZEdWa0lIUm9jbTkxWjJnZ1lTQnplWE4wWlcxa0lITmxjblpwWTJVS0l5QnBiaUJqYkhWemRHVnlMMmRqWlM5blkya3ZQRzFoYzNSbGNpOXViMlJsUGk1NVlXMXNMaUJVYUdVZ1pXNTJJSFpoY21saFlteGxjeUJqYjIxbElHWnliMjBnWVc0Z1pXNTJDaU1nWm1sc1pTQndjbTkyYVdSbFpDQmllU0IwYUdVZ2MzbHpkR1Z0WkNCelpYSjJhV05sTGdvS0l5QlVhR2x6SUhOamNtbHdkQ0JwY3lCaElITnNhV2RvZEd4NUlHRmthblZ6ZEdWa0lIWmxjbk5wYjI0Z2IyWUtJeUJvZEhSd2N6b3ZMMmRwZEdoMVlpNWpiMjB2YTNWaVpYSnVaWFJsY3k5cmRXSmxjbTVsZEdWekwySnNiMkl2WlRGaE1XRmhNakV4TWpJMFptTmtPV0l5TVRNME1qQmlPREJpTW1GbE5qZ3dOalk1TmpnelpDOWpiSFZ6ZEdWeUwyZGpaUzluWTJrdmFHVmhiSFJvTFcxdmJtbDBiM0l1YzJnS0l5QkJaR3AxYzNSdFpXNTBjeUJoY21VNkNpTWdLaUJMZFdKbGJHVjBJR2hsWVd4MGFDQndiM0owSUdseklERXdNalE0SUc1dmRDQXhNREkxTlFvaklDb2dVbVZ0YjNaaGJDQnZaaUJoYkd3Z1lXeHNJSEpsWm1WeVpXNWpaWE1nZEc4Z2RHaGxJRXRWUWtWZlJVNVdJR1pwYkdVS0NuTmxkQ0F0YnlCdWIzVnVjMlYwQ25ObGRDQXRieUJ3YVhCbFptRnBiQW9LSXlCWFpTQnphVzF3YkhrZ2EybHNiQ0IwYUdVZ2NISnZZMlZ6Y3lCM2FHVnVJSFJvWlhKbElHbHpJR0VnWm1GcGJIVnlaUzRnUVc1dmRHaGxjaUJ6ZVhOMFpXMWtJSE5sY25acFkyVWdkMmxzYkFvaklHRjFkRzl0WVhScFkyRnNiSGtnY21WemRHRnlkQ0IwYUdVZ2NISnZZMlZ6Y3k0S1puVnVZM1JwYjI0Z1kyOXVkR0ZwYm1WeVgzSjFiblJwYldWZmJXOXVhWFJ2Y21sdVp5Z3BJSHNLSUNCc2IyTmhiQ0F0Y2lCdFlYaGZZWFIwWlcxd2RITTlOUW9nSUd4dlkyRnNJR0YwZEdWdGNIUTlNUW9nSUd4dlkyRnNJQzF5SUdOdmJuUmhhVzVsY2w5eWRXNTBhVzFsWDI1aGJXVTlJaVI3UTA5T1ZFRkpUa1ZTWDFKVlRsUkpUVVZmVGtGTlJUb3RaRzlqYTJWeWZTSUtJQ0FqSUZkbElITjBhV3hzSUc1bFpXUWdkRzhnZFhObElDZGtiMk5yWlhJZ2NITW5JSGRvWlc0Z1kyOXVkR0ZwYm1WeUlISjFiblJwYldVZ2FYTWdJbVJ2WTJ0bGNpSXVJRlJvYVhNZ2FYTWdZbVZqWVhWelpRb2dJQ01nWkc5amEyVnljMmhwYlNCcGN5QnpkR2xzYkNCd1lYSjBJRzltSUd0MVltVnNaWFFnZEc5a1lYa3VJRmRvWlc0Z2EzVmlaV3hsZENCcGN5QmtiM2R1TENCamNtbGpkR3dnY0c5a2N3b2dJQ01nZDJsc2JDQmhiSE52SUdaaGFXd3NJR0Z1WkNCa2IyTnJaWElnZDJsc2JDQmlaU0JyYVd4c1pXUXVJRlJvYVhNZ2FYTWdkVzVrWlhOcGNtRmliR1VnWlhOd1pXTnBZV3hzZVNCM2FHVnVDaUFnSXlCa2IyTnJaWElnYkdsMlpTQnlaWE4wYjNKbElHbHpJR1JwYzJGaWJHVmtMZ29nSUd4dlkyRnNJR2hsWVd4MGFHTm9aV05yWDJOdmJXMWhibVE5SW1SdlkydGxjaUJ3Y3lJS0lDQnBaaUJiV3lBaUpIdERUMDVVUVVsT1JWSmZVbFZPVkVsTlJUb3RaRzlqYTJWeWZTSWdJVDBnSW1SdlkydGxjaUlnWFYwN0lIUm9aVzRLSUNBZ0lHaGxZV3gwYUdOb1pXTnJYMk52YlcxaGJtUTlJbU55YVdOMGJDQndiMlJ6SWdvZ0lHWnBDaUFnSXlCRGIyNTBZV2x1WlhJZ2NuVnVkR2x0WlNCemRHRnlkSFZ3SUhSaGEyVnpJSFJwYldVdUlFMWhhMlVnYVc1cGRHbGhiQ0JoZEhSbGJYQjBjeUJpWldadmNtVWdjM1JoY25ScGJtY0tJQ0FqSUd0cGJHeHBibWNnZEdobElHTnZiblJoYVc1bGNpQnlkVzUwYVcxbExnb2dJSFZ1ZEdsc0lIUnBiV1Z2ZFhRZ05qQWdKSHRvWldGc2RHaGphR1ZqYTE5amIyMXRZVzVrZlNBK0lDOWtaWFl2Ym5Wc2JEc2daRzhLSUNBZ0lHbG1JQ2dvWVhSMFpXMXdkQ0E5UFNCdFlYaGZZWFIwWlcxd2RITXBLVHNnZEdobGJnb2dJQ0FnSUNCbFkyaHZJQ0pOWVhnZ1lYUjBaVzF3ZENBa2UyMWhlRjloZEhSbGJYQjBjMzBnY21WaFkyaGxaQ0VnVUhKdlkyVmxaR2x1WnlCMGJ5QnRiMjVwZEc5eUlHTnZiblJoYVc1bGNpQnlkVzUwYVcxbElHaGxZV3gwYUdsdVpYTnpMaUlLSUNBZ0lDQWdZbkpsWVdzS0lDQWdJR1pwQ2lBZ0lDQmxZMmh2SUNJa1lYUjBaVzF3ZENCcGJtbDBhV0ZzSUdGMGRHVnRjSFFnWENJa2UyaGxZV3gwYUdOb1pXTnJYMk52YlcxaGJtUjlYQ0loSUZSeWVXbHVaeUJoWjJGcGJpQnBiaUFrWVhSMFpXMXdkQ0J6WldOdmJtUnpMaTR1SWdvZ0lDQWdjMnhsWlhBZ0lpUW9LRElnS2lvZ1lYUjBaVzF3ZENzcktTa2lDaUFnWkc5dVpRb2dJSGRvYVd4bElIUnlkV1U3SUdSdkNpQWdJQ0JwWmlBaElIUnBiV1Z2ZFhRZ05qQWdKSHRvWldGc2RHaGphR1ZqYTE5amIyMXRZVzVrZlNBK0lDOWtaWFl2Ym5Wc2JEc2dkR2hsYmdvZ0lDQWdJQ0JsWTJodklDSkRiMjUwWVdsdVpYSWdjblZ1ZEdsdFpTQWtlMk52Ym5SaGFXNWxjbDl5ZFc1MGFXMWxYMjVoYldWOUlHWmhhV3hsWkNFaUNpQWdJQ0FnSUdsbUlGdGJJQ0lrWTI5dWRHRnBibVZ5WDNKMWJuUnBiV1ZmYm1GdFpTSWdQVDBnSW1SdlkydGxjaUlnWFYwN0lIUm9aVzRLSUNBZ0lDQWdJQ0FqSUVSMWJYQWdjM1JoWTJzZ2IyWWdaRzlqYTJWeUlHUmhaVzF2YmlCbWIzSWdhVzUyWlhOMGFXZGhkR2x2Ymk0S0lDQWdJQ0FnSUNBaklFeHZaeUJtYVd4bElHNWhiV1VnYkc5dmEzTWdiR2xyWlNCbmIzSnZkWFJwYm1VdGMzUmhZMnR6TFZSSlRVVlRWRUZOVUNCaGJtUWdkMmxzYkNCaVpTQnpZWFpsWkNCMGJ3b2dJQ0FnSUNBZ0lDTWdkR2hsSUdWNFpXTWdjbTl2ZENCa2FYSmxZM1J2Y25rc0lIZG9hV05vSUdseklDOTJZWEl2Y25WdUwyUnZZMnRsY2k4Z2IyNGdWV0oxYm5SMUlHRnVaQ0JEVDFNdUNpQWdJQ0FnSUNBZ2NHdHBiR3dnTFZOSlIxVlRVakVnWkc5amEyVnlaQW9nSUNBZ0lDQm1hUW9nSUNBZ0lDQnplWE4wWlcxamRHd2dhMmxzYkNBdExXdHBiR3d0ZDJodlBXMWhhVzRnSWlSN1kyOXVkR0ZwYm1WeVgzSjFiblJwYldWZmJtRnRaWDBpQ2lBZ0lDQWdJQ01nVjJGcGRDQm1iM0lnWVNCM2FHbHNaU3dnWVhNZ2QyVWdaRzl1SjNRZ2QyRnVkQ0IwYnlCcmFXeHNJR2wwSUdGbllXbHVJR0psWm05eVpTQnBkQ0JwY3lCeVpXRnNiSGtnZFhBdUNpQWdJQ0FnSUhOc1pXVndJREV5TUFvZ0lDQWdaV3h6WlFvZ0lDQWdJQ0J6YkdWbGNDQWlKSHRUVEVWRlVGOVRSVU5QVGtSVGZTSUtJQ0FnSUdacENpQWdaRzl1WlFwOUNncG1kVzVqZEdsdmJpQnJkV0psYkdWMFgyMXZibWwwYjNKcGJtY29LU0I3Q2lBZ1pXTm9ieUFpVjJGcGRDQm1iM0lnTWlCdGFXNTFkR1Z6SUdadmNpQnJkV0psYkdWMElIUnZJR0psSUdaMWJtTjBhVzl1WVd3aUNpQWdjMnhsWlhBZ01USXdDaUFnYkc5allXd2dMWElnYldGNFgzTmxZMjl1WkhNOU1UQUtJQ0JzYjJOaGJDQnZkWFJ3ZFhROUlpSUtJQ0IzYUdsc1pTQjBjblZsT3lCa2J3b2dJQ0FnYkc5allXd2dabUZwYkdWa1BXWmhiSE5sQ2dvZ0lDQWdhV1lnYW05MWNtNWhiR04wYkNBdGRTQnJkV0psYkdWMElDMXVJREVnZkNCbmNtVndJQzF4SUNKMWMyVWdiMllnWTJ4dmMyVmtJRzVsZEhkdmNtc2dZMjl1Ym1WamRHbHZiaUk3SUhSb1pXNEtJQ0FnSUNBZ1ptRnBiR1ZrUFhSeWRXVUtJQ0FnSUNBZ1pXTm9ieUFpUzNWaVpXeGxkQ0J6ZEc5d2NHVmtJSEJ2YzNScGJtY2dibTlrWlNCemRHRjBkWE11SUZKbGMzUmhjblJwYm1jaUNpQWdJQ0JsYkdsbUlDRWdiM1YwY0hWMFBTUW9ZM1Z5YkNBdGJTQWlKSHR0WVhoZmMyVmpiMjVrYzMwaUlDMW1JQzF6SUMxVElHaDBkSEE2THk4eE1qY3VNQzR3TGpFNk1UQXlORGd2YUdWaGJIUm9laUF5UGlZeEtUc2dkR2hsYmdvZ0lDQWdJQ0JtWVdsc1pXUTlkSEoxWlFvZ0lDQWdJQ0FqSUZCeWFXNTBJSFJvWlNCeVpYTndiMjV6WlNCaGJtUXZiM0lnWlhKeWIzSnpMZ29nSUNBZ0lDQmxZMmh2SUNJa2IzVjBjSFYwSWdvZ0lDQWdabWtLQ2lBZ0lDQnBaaUJiV3lBaUpHWmhhV3hsWkNJZ1BUMGdJblJ5ZFdVaUlGMWRPeUIwYUdWdUNpQWdJQ0FnSUdWamFHOGdJa3QxWW1Wc1pYUWdhWE1nZFc1b1pXRnNkR2g1SVNJS0lDQWdJQ0FnYzNsemRHVnRZM1JzSUd0cGJHd2dhM1ZpWld4bGRBb2dJQ0FnSUNBaklGZGhhWFFnWm05eUlHRWdkMmhwYkdVc0lHRnpJSGRsSUdSdmJpZDBJSGRoYm5RZ2RHOGdhMmxzYkNCcGRDQmhaMkZwYmlCaVpXWnZjbVVnYVhRZ2FYTWdjbVZoYkd4NUlIVndMZ29nSUNBZ0lDQnpiR1ZsY0NBMk1Bb2dJQ0FnWld4elpRb2dJQ0FnSUNCemJHVmxjQ0FpSkh0VFRFVkZVRjlUUlVOUFRrUlRmU0lLSUNBZ0lHWnBDaUFnWkc5dVpRcDlDZ29qSXlNakl5TWpJeU1qSXlNakl5Qk5ZV2x1SUVaMWJtTjBhVzl1SUNNakl5TWpJeU1qSXlNakl5TWpJeU1LYVdZZ1cxc2dJaVFqSWlBdGJtVWdNU0JkWFRzZ2RHaGxiZ29nSUdWamFHOGdJbFZ6WVdkbE9pQm9aV0ZzZEdndGJXOXVhWFJ2Y2k1emFDQThZMjl1ZEdGcGJtVnlMWEoxYm5ScGJXVXZhM1ZpWld4bGRENGlDaUFnWlhocGRDQXhDbVpwQ2dwVFRFVkZVRjlUUlVOUFRrUlRQVEV3Q21OdmJYQnZibVZ1ZEQwa01RcGxZMmh2SUNKVGRHRnlkQ0JyZFdKbGNtNWxkR1Z6SUdobFlXeDBhQ0J0YjI1cGRHOXlhVzVuSUdadmNpQWtlMk52YlhCdmJtVnVkSDBpQ21sbUlGdGJJQ0lrZTJOdmJYQnZibVZ1ZEgwaUlEMDlJQ0pqYjI1MFlXbHVaWEl0Y25WdWRHbHRaU0lnWFYwN0lIUm9aVzRLSUNCamIyNTBZV2x1WlhKZmNuVnVkR2x0WlY5dGIyNXBkRzl5YVc1bkNtVnNhV1lnVzFzZ0lpUjdZMjl0Y0c5dVpXNTBmU0lnUFQwZ0ltdDFZbVZzWlhRaUlGMWRPeUIwYUdWdUNpQWdhM1ZpWld4bGRGOXRiMjVwZEc5eWFXNW5DbVZzYzJVS0lDQmxZMmh2SUNKSVpXRnNkR2dnYlc5dWFYUnZjbWx1WnlCbWIzSWdZMjl0Y0c5dVpXNTBJQ1I3WTI5dGNHOXVaVzUwZlNCcGN5QnViM1FnYzNWd2NHOXlkR1ZrSVNJS1pta0sKCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9qb3VybmFsZC5jb25mLmQvbWF4X2Rpc2tfdXNlLmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMHB2ZFhKdVlXeGRDbE41YzNSbGJVMWhlRlZ6WlQwMVJ3bz0KCi0gcGF0aDogJy9vcHQvbG9hZC1rZXJuZWwtbW9kdWxlcy5zaCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZkWE55TDJKcGJpOWxibllnWW1GemFBcHpaWFFnTFdWMWJ5QndhWEJsWm1GcGJBb0tiVzlrY0hKdlltVWdhWEJmZG5NS2JXOWtjSEp2WW1VZ2FYQmZkbk5mY25JS2JXOWtjSEp2WW1VZ2FYQmZkbk5mZDNKeUNtMXZaSEJ5YjJKbElHbHdYM1p6WDNOb0NncHBaaUJ0YjJScGJtWnZJRzVtWDJOdmJtNTBjbUZqYTE5cGNIWTBJQ1krSUM5a1pYWXZiblZzYkRzZ2RHaGxiZ29nSUcxdlpIQnliMkpsSUc1bVgyTnZibTUwY21GamExOXBjSFkwQ21Wc2MyVUtJQ0J0YjJSd2NtOWlaU0J1Wmw5amIyNXVkSEpoWTJzS1pta0sKCi0gcGF0aDogJy9ldGMvc3lzY3RsLmQvazhzLmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBibVYwTG1KeWFXUm5aUzVpY21sa1oyVXRibVl0WTJGc2JDMXBjRFowWVdKc1pYTWdQU0F4Q201bGRDNWljbWxrWjJVdVluSnBaR2RsTFc1bUxXTmhiR3d0YVhCMFlXSnNaWE1nUFNBeENtdGxjbTVsYkM1d1lXNXBZMTl2Ymw5dmIzQnpJRDBnTVFwclpYSnVaV3d1Y0dGdWFXTWdQU0F4TUFwdVpYUXVhWEIyTkM1cGNGOW1iM0ozWVhKa0lEMGdNUXAyYlM1dmRtVnlZMjl0YldsMFgyMWxiVzl5ZVNBOUlERUtabk11YVc1dmRHbG1lUzV0WVhoZmRYTmxjbDkzWVhSamFHVnpJRDBnTVRBME9EVTNOZ3BtY3k1cGJtOTBhV1o1TG0xaGVGOTFjMlZ5WDJsdWMzUmhibU5sY3lBOUlEZ3hPVElLCgotIHBhdGg6ICcvZXRjL2RlZmF1bHQvZ3J1Yi5kLzYwLXN3YXAtYWNjb3VudGluZy5jZmcnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUJCWkdSbFpDQmllU0JyZFdKbGNtMWhkR2xqSUcxaFkyaHBibVV0WTI5dWRISnZiR3hsY2dvaklFVnVZV0pzWlNCalozSnZkWEJ6SUcxbGJXOXllU0JoYm1RZ2MzZGhjQ0JoWTJOdmRXNTBhVzVuQ2tkU1ZVSmZRMDFFVEVsT1JWOU1TVTVWV0QwaVkyZHliM1Z3WDJWdVlXSnNaVDF0WlcxdmNua2djM2RoY0dGalkyOTFiblE5TVNJSwoKLSBwYXRoOiAnL29wdC9iaW4vc2V0dXAnCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2WW1sdUwySmhjMmdLYzJWMElDMTRaWFZ2SUhCcGNHVm1ZV2xzQ21sbUlITjVjM1JsYldOMGJDQnBjeTFoWTNScGRtVWdkV1ozT3lCMGFHVnVJSE41YzNSbGJXTjBiQ0J6ZEc5d0lIVm1kenNnWm1rS2MzbHpkR1Z0WTNSc0lHMWhjMnNnZFdaM0NuTjVjM1JsYldOMGJDQnlaWE4wWVhKMElITjVjM1JsYldRdGJXOWtkV3hsY3kxc2IyRmtMbk5sY25acFkyVUtjM2x6WTNSc0lDMHRjM2x6ZEdWdENncGhjSFF0WjJWMElIVndaR0YwWlFvS1JFVkNTVUZPWDBaU1QwNVVSVTVFUFc1dmJtbHVkR1Z5WVdOMGFYWmxJR0Z3ZEMxblpYUWdMVzhnUkhCclp6bzZUM0IwYVc5dWN6bzZQU0l0TFdadmNtTmxMV052Ym1aa1pXWWlJQzF2SUVSd2EyYzZPazl3ZEdsdmJuTTZPajBpTFMxbWIzSmpaUzFqYjI1bWIyeGtJaUJwYm5OMFlXeHNJQzE1SUZ3S0lDQmpkWEpzSUZ3S0lDQmpZUzFqWlhKMGFXWnBZMkYwWlhNZ1hBb2dJR05sY0dndFkyOXRiVzl1SUZ3S0lDQmphV1p6TFhWMGFXeHpJRndLSUNCamIyNXVkSEpoWTJzZ1hBb2dJR1V5Wm5Od2NtOW5jeUJjQ2lBZ1pXSjBZV0pzWlhNZ1hBb2dJR1YwYUhSdmIyd2dYQW9nSUdkc2RYTjBaWEptY3kxamJHbGxiblFnWEFvZ0lHbHdkR0ZpYkdWeklGd0tJQ0JxY1NCY0NpQWdhMjF2WkNCY0NpQWdiM0JsYm5OemFDMWpiR2xsYm5RZ1hBb2dJRzVtY3kxamIyMXRiMjRnWEFvZ0lITnZZMkYwSUZ3S0lDQjFkR2xzTFd4cGJuVjRJRndLSUNCcGNIWnpZV1J0Q21Gd2RDMW5aWFFnZFhCa1lYUmxDbUZ3ZEMxblpYUWdhVzV6ZEdGc2JDQXRlU0JoY0hRdGRISmhibk53YjNKMExXaDBkSEJ6SUdOaExXTmxjblJwWm1sallYUmxjeUJqZFhKc0lITnZablIzWVhKbExYQnliM0JsY25ScFpYTXRZMjl0Ylc5dUlHeHpZaTF5Wld4bFlYTmxDbU4xY213Z0xXWnpVMHdnYUhSMGNITTZMeTlrYjNkdWJHOWhaQzVrYjJOclpYSXVZMjl0TDJ4cGJuVjRMM1ZpZFc1MGRTOW5jR2NnZkNCaGNIUXRhMlY1SUdGa1pDQXRDbUZrWkMxaGNIUXRjbVZ3YjNOcGRHOXllU0FpWkdWaUlHaDBkSEJ6T2k4dlpHOTNibXh2WVdRdVpHOWphMlZ5TG1OdmJTOXNhVzUxZUM5MVluVnVkSFVnSkNoc2MySmZjbVZzWldGelpTQXRZM01wSUhOMFlXSnNaU0lLQ21Gd2RDMW5aWFFnYVc1emRHRnNiQ0F0ZVNBdExXRnNiRzkzTFdSdmQyNW5jbUZrWlhNZ1kyOXVkR0ZwYm1WeVpDNXBiejB4TGpVcUNtRndkQzF0WVhKcklHaHZiR1FnWTI5dWRHRnBibVZ5WkM1cGJ3b0tjM2x6ZEdWdFkzUnNJR1JoWlcxdmJpMXlaV3h2WVdRS2MzbHpkR1Z0WTNSc0lHVnVZV0pzWlNBdExXNXZkeUJqYjI1MFlXbHVaWEprQ2dwdmNIUmZZbWx1UFM5dmNIUXZZbWx1Q25WemNsOXNiMk5oYkY5aWFXNDlMM1Z6Y2k5c2IyTmhiQzlpYVc0S1kyNXBYMkpwYmw5a2FYSTlMMjl3ZEM5amJta3ZZbWx1Q20xclpHbHlJQzF3SUM5bGRHTXZZMjVwTDI1bGRDNWtJQzlsZEdNdmEzVmlaWEp1WlhSbGN5OXRZVzVwWm1WemRITWdJaVJ2Y0hSZlltbHVJaUFpSkdOdWFWOWlhVzVmWkdseUlncHRhMlJwY2lBdGNDQXZaWFJqTDJ0MVltVnlibVYwWlhNdlpIbHVZVzFwWXkxamIyNW1hV2N0WkdseUNtRnlZMmc5Skh0SVQxTlVYMEZTUTBndGZRcHBaaUJiSUMxNklDSWtZWEpqYUNJZ1hRcDBhR1Z1Q21OaGMyVWdKQ2gxYm1GdFpTQXRiU2tnYVc0S2VEZzJYelkwS1FvZ0lDQWdZWEpqYUQwaVlXMWtOalFpQ2lBZ0lDQTdPd3BoWVhKamFEWTBLUW9nSUNBZ1lYSmphRDBpWVhKdE5qUWlDaUFnSUNBN093b3FLUW9nSUNBZ1pXTm9ieUFpZFc1emRYQndiM0owWldRZ1ExQlZJR0Z5WTJocGRHVmpkSFZ5WlN3Z1pYaHBkR2x1WnlJS0lDQWdJR1Y0YVhRZ01Rb2dJQ0FnT3pzS1pYTmhZd3BtYVFwRFRrbGZWa1ZTVTBsUFRqMGlKSHREVGtsZlZrVlNVMGxQVGpvdGRqQXVPQzQzZlNJS1kyNXBYMkpoYzJWZmRYSnNQU0pvZEhSd2N6b3ZMMmRwZEdoMVlpNWpiMjB2WTI5dWRHRnBibVZ5Ym1WMGQyOXlhMmx1Wnk5d2JIVm5hVzV6TDNKbGJHVmhjMlZ6TDJSdmQyNXNiMkZrTHlSRFRrbGZWa1ZTVTBsUFRpSUtZMjVwWDJacGJHVnVZVzFsUFNKamJta3RjR3gxWjJsdWN5MXNhVzUxZUMwa1lYSmphQzBrUTA1SlgxWkZVbE5KVDA0dWRHZDZJZ3BqZFhKc0lDMU1abThnSWlSamJtbGZZbWx1WDJScGNpOGtZMjVwWDJacGJHVnVZVzFsSWlBaUpHTnVhVjlpWVhObFgzVnliQzhrWTI1cFgyWnBiR1Z1WVcxbElncGpibWxmYzNWdFBTUW9ZM1Z5YkNBdFRHWWdJaVJqYm1sZlltRnpaVjkxY213dkpHTnVhVjltYVd4bGJtRnRaUzV6YUdFeU5UWWlLUXBqWkNBaUpHTnVhVjlpYVc1ZlpHbHlJZ3B6YUdFeU5UWnpkVzBnTFdNZ1BEdzhJaVJqYm1sZmMzVnRJZ3AwWVhJZ2VIWm1JQ0lrWTI1cFgyWnBiR1Z1WVcxbElncHliU0F0WmlBaUpHTnVhVjltYVd4bGJtRnRaU0lLWTJRZ0xRcERVa2xmVkU5UFRGTmZVa1ZNUlVGVFJUMGlKSHREVWtsZlZFOVBURk5mVWtWTVJVRlRSVG90ZGpFdU1qSXVNSDBpQ21OeWFWOTBiMjlzYzE5aVlYTmxYM1Z5YkQwaWFIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwydDFZbVZ5Ym1WMFpYTXRjMmxuY3k5amNta3RkRzl2YkhNdmNtVnNaV0Z6WlhNdlpHOTNibXh2WVdRdkpIdERVa2xmVkU5UFRGTmZVa1ZNUlVGVFJYMGlDbU55YVY5MGIyOXNjMTltYVd4bGJtRnRaVDBpWTNKcFkzUnNMU1I3UTFKSlgxUlBUMHhUWDFKRlRFVkJVMFY5TFd4cGJuVjRMU1I3WVhKamFIMHVkR0Z5TG1kNklncGpkWEpzSUMxTVptOGdJaVJ2Y0hSZlltbHVMeVJqY21sZmRHOXZiSE5mWm1sc1pXNWhiV1VpSUNJa1kzSnBYM1J2YjJ4elgySmhjMlZmZFhKc0x5UmpjbWxmZEc5dmJITmZabWxzWlc1aGJXVWlDbU55YVY5MGIyOXNjMTl6ZFcwOUpDaGpkWEpzSUMxTVppQWlKR055YVY5MGIyOXNjMTlpWVhObFgzVnliQzhrWTNKcFgzUnZiMnh6WDJacGJHVnVZVzFsTG5Ob1lUSTFOaUlnZkNCelpXUWdKM012WENwY0x5OHZKeWtLWTJRZ0lpUnZjSFJmWW1sdUlncHphR0V5TlRaemRXMGdMV01nUER3OElpUmpjbWxmZEc5dmJITmZjM1Z0SWdwMFlYSWdlSFptSUNJa1kzSnBYM1J2YjJ4elgyWnBiR1Z1WVcxbElncHliU0F0WmlBaUpHTnlhVjkwYjI5c2MxOW1hV3hsYm1GdFpTSUtiRzRnTFhObUlDSWtiM0IwWDJKcGJpOWpjbWxqZEd3aUlDSWtkWE55WDJ4dlkyRnNYMkpwYmlJdlkzSnBZM1JzSUh4OElHVmphRzhnSW5ONWJXSnZiR2xqSUd4cGJtc2dhWE1nYzJ0cGNIQmxaQ0lLWTJRZ0xRcExWVUpGWDFaRlVsTkpUMDQ5SWlSN1MxVkNSVjlXUlZKVFNVOU9PaTEyTVM0eU1pNHlmU0lLYTNWaVpWOWthWEk5SWlSdmNIUmZZbWx1TDJ0MVltVnlibVYwWlhNdEpFdFZRa1ZmVmtWU1UwbFBUaUlLYTNWaVpWOWlZWE5sWDNWeWJEMGlhSFIwY0hNNkx5OXpkRzl5WVdkbExtZHZiMmRzWldGd2FYTXVZMjl0TDJ0MVltVnlibVYwWlhNdGNtVnNaV0Z6WlM5eVpXeGxZWE5sTHlSTFZVSkZYMVpGVWxOSlQwNHZZbWx1TDJ4cGJuVjRMeVJoY21Ob0lncHJkV0psWDNOMWJWOW1hV3hsUFNJa2EzVmlaVjlrYVhJdmMyaGhNalUySWdwdGEyUnBjaUF0Y0NBaUpHdDFZbVZmWkdseUlnbzZJRDRpSkd0MVltVmZjM1Z0WDJacGJHVWlDZ3BtYjNJZ1ltbHVJR2x1SUd0MVltVnNaWFFnYTNWaVpXRmtiU0JyZFdKbFkzUnNPeUJrYndvZ0lDQWdZM1Z5YkNBdFRHWnZJQ0lrYTNWaVpWOWthWEl2SkdKcGJpSWdJaVJyZFdKbFgySmhjMlZmZFhKc0x5UmlhVzRpQ2lBZ0lDQmphRzF2WkNBcmVDQWlKR3QxWW1WZlpHbHlMeVJpYVc0aUNpQWdJQ0J6ZFcwOUpDaGpkWEpzSUMxTVppQWlKR3QxWW1WZlltRnpaVjkxY213dkpHSnBiaTV6YUdFeU5UWWlLUW9nSUNBZ1pXTm9ieUFpSkhOMWJTQWdKR3QxWW1WZlpHbHlMeVJpYVc0aUlENCtJaVJyZFdKbFgzTjFiVjltYVd4bElncGtiMjVsQ25Ob1lUSTFObk4xYlNBdFl5QWlKR3QxWW1WZmMzVnRYMlpwYkdVaUNncG1iM0lnWW1sdUlHbHVJR3QxWW1Wc1pYUWdhM1ZpWldGa2JTQnJkV0psWTNSc095Qmtid29nSUNBZ2JHNGdMWE5tSUNJa2EzVmlaVjlrYVhJdkpHSnBiaUlnSWlSdmNIUmZZbWx1SWk4a1ltbHVDbVJ2Ym1VS0NpTWdjMlYwSUd0MVltVnNaWFFnYm05a1pXbHdJR1Z1ZG1seWIyNXRaVzUwSUhaaGNtbGhZbXhsQ2k5dmNIUXZZbWx1TDNObGRIVndYMjVsZEY5bGJuWXVjMmdLQ25ONWMzUmxiV04wYkNCbGJtRmliR1VnTFMxdWIzY2dhM1ZpWld4bGRBcHplWE4wWlcxamRHd2daVzVoWW14bElDMHRibTkzSUMwdGJtOHRZbXh2WTJzZ2EzVmlaV3hsZEMxb1pXRnNkR2hqYUdWamF5NXpaWEoyYVdObENnPT0KCi0gcGF0aDogJy9vcHQvYmluL3N1cGVydmlzZS5zaCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZZbWx1TDJKaGMyZ0tjMlYwSUMxNFpYVnZJSEJwY0dWbVlXbHNDbmRvYVd4bElDRWdJaVJBSWpzZ1pHOEtJQ0J6YkdWbGNDQXhDbVJ2Ym1VSwoKLSBwYXRoOiAnL2V0Yy9zeXN0ZW1kL3N5c3RlbS9rdWJlbGV0LnNlcnZpY2UnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMVZ1YVhSZENrRm1kR1Z5UFdOdmJuUmhhVzVsY21RdWMyVnlkbWxqWlFwU1pYRjFhWEpsY3oxamIyNTBZV2x1WlhKa0xuTmxjblpwWTJVS0NrUmxjMk55YVhCMGFXOXVQV3QxWW1Wc1pYUTZJRlJvWlNCTGRXSmxjbTVsZEdWeklFNXZaR1VnUVdkbGJuUUtSRzlqZFcxbGJuUmhkR2x2Ymoxb2RIUndjem92TDJ0MVltVnlibVYwWlhNdWFXOHZaRzlqY3k5b2IyMWxMd29LVzFObGNuWnBZMlZkQ2xWelpYSTljbTl2ZEFwU1pYTjBZWEowUFdGc2QyRjVjd3BUZEdGeWRFeHBiV2wwU1c1MFpYSjJZV3c5TUFwU1pYTjBZWEowVTJWalBURXdDa05RVlVGalkyOTFiblJwYm1jOWRISjFaUXBOWlcxdmNubEJZMk52ZFc1MGFXNW5QWFJ5ZFdVS0NrVnVkbWx5YjI1dFpXNTBQU0pRUVZSSVBTOXZjSFF2WW1sdU9pOWlhVzQ2TDNWemNpOXNiMk5oYkM5elltbHVPaTkxYzNJdmJHOWpZV3d2WW1sdU9pOTFjM0l2YzJKcGJqb3ZkWE55TDJKcGJqb3ZjMkpwYmk4aUNrVnVkbWx5YjI1dFpXNTBSbWxzWlQwdEwyVjBZeTlsYm5acGNtOXViV1Z1ZEFvS1JYaGxZMU4wWVhKMFVISmxQUzlpYVc0dlltRnphQ0F2YjNCMEwyUnBjMkZpYkdVdGMzZGhjQzV6YUFwRmVHVmpVM1JoY25SUWNtVTlMMkpwYmk5aVlYTm9JQzl2Y0hRdmJHOWhaQzFyWlhKdVpXd3RiVzlrZFd4bGN5NXphQXBGZUdWalUzUmhjblJRY21VOUwySnBiaTlpWVhOb0lDOXZjSFF2WW1sdUwzTmxkSFZ3WDI1bGRGOWxibll1YzJnS1JYaGxZMU4wWVhKMFBTOXZjSFF2WW1sdUwydDFZbVZzWlhRZ0pFdFZRa1ZNUlZSZlJWaFVVa0ZmUVZKSFV5QmNDaUFnTFMxaWIyOTBjM1J5WVhBdGEzVmlaV052Ym1acFp6MHZaWFJqTDJ0MVltVnlibVYwWlhNdlltOXZkSE4wY21Gd0xXdDFZbVZzWlhRdVkyOXVaaUJjQ2lBZ0xTMXJkV0psWTI5dVptbG5QUzkyWVhJdmJHbGlMMnQxWW1Wc1pYUXZhM1ZpWldOdmJtWnBaeUJjQ2lBZ0xTMWpiMjVtYVdjOUwyVjBZeTlyZFdKbGNtNWxkR1Z6TDJ0MVltVnNaWFF1WTI5dVppQmNDaUFnTFMxdVpYUjNiM0pyTFhCc2RXZHBiajFqYm1rZ1hBb2dJQzB0WTJWeWRDMWthWEk5TDJWMFl5OXJkV0psY201bGRHVnpMM0JyYVNCY0NpQWdMUzFqYkc5MVpDMXdjbTkyYVdSbGNqMWhkM01nWEFvZ0lDMHRZMnh2ZFdRdFkyOXVabWxuUFM5bGRHTXZhM1ZpWlhKdVpYUmxjeTlqYkc5MVpDMWpiMjVtYVdjZ1hBb2dJQzB0WkhsdVlXMXBZeTFqYjI1bWFXY3RaR2x5UFM5bGRHTXZhM1ZpWlhKdVpYUmxjeTlrZVc1aGJXbGpMV052Ym1acFp5MWthWElnWEFvZ0lDMHRabVZoZEhWeVpTMW5ZWFJsY3oxRWVXNWhiV2xqUzNWaVpXeGxkRU52Ym1acFp6MTBjblZsSUZ3S0lDQXRMV1Y0YVhRdGIyNHRiRzlqYXkxamIyNTBaVzUwYVc5dUlGd0tJQ0F0TFd4dlkyc3RabWxzWlQwdmRHMXdMMnQxWW1Wc1pYUXViRzlqYXlCY0NpQWdMUzFqYjI1MFlXbHVaWEl0Y25WdWRHbHRaVDF5WlcxdmRHVWdYQW9nSUMwdFkyOXVkR0ZwYm1WeUxYSjFiblJwYldVdFpXNWtjRzlwYm5ROWRXNXBlRG92THk5eWRXNHZZMjl1ZEdGcGJtVnlaQzlqYjI1MFlXbHVaWEprTG5Odlkyc2dYQW9nSUMwdGJtOWtaUzFwY0NBa2UwdFZRa1ZNUlZSZlRrOUVSVjlKVUgwS0NsdEpibk4wWVd4c1hRcFhZVzUwWldSQ2VUMXRkV3gwYVMxMWMyVnlMblJoY21kbGRBbz0KCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9zeXN0ZW0va3ViZWxldC5zZXJ2aWNlLmQvZXh0cmFzLmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMU5sY25acFkyVmRDa1Z1ZG1seWIyNXRaVzUwUFNKTFZVSkZURVZVWDBWWVZGSkJYMEZTUjFNOUxTMXlaWE52YkhZdFkyOXVaajB2Y25WdUwzTjVjM1JsYldRdmNtVnpiMngyWlM5eVpYTnZiSFl1WTI5dVppSUsKCi0gcGF0aDogJy9ldGMva3ViZXJuZXRlcy9jbG91ZC1jb25maWcnCiAgcGVybWlzc2lvbnM6ICcwNjAwJwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMmRzYjJKaGJGMEtXbTl1WlQwaVpYVXRZMlZ1ZEhKaGJDMHhZaUlLVmxCRFBTSmxMVEV5TTJZaUNsTjFZbTVsZEVsRVBTSjBaWE4wTFhOMVltNWxkQ0lLQ2c9PQoKLSBwYXRoOiAnL29wdC9iaW4vc2V0dXBfbmV0X2Vudi5zaCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZkWE55TDJKcGJpOWxibllnWW1GemFBcGxZMmh2WkdGMFpTZ3BJSHNLSUNCbFkyaHZJQ0piSkNoa1lYUmxJQzFKY3lsZElpQWlKRUFpQ24wS0NpTWdaMlYwSUhSb1pTQmtaV1poZFd4MElHbHVkR1Z5Wm1GalpTQkpVQ0JoWkdSeVpYTnpDa1JGUmtGVlRGUmZTVVpEWDBsUVBTUW9hWEFnTFc4Z0lISnZkWFJsSUdkbGRDQXhJSHdnWjNKbGNDQXRiMUFnSW5OeVl5QmNTMXhUS3lJcENncHBaaUJiSUMxNklDSWtlMFJGUmtGVlRGUmZTVVpEWDBsUWZTSWdYUXAwYUdWdUNpQWdaV05vYjJSaGRHVWdJa1poYVd4bFpDQjBieUJuWlhRZ1NWQWdZV1JrY21WemN5Qm1iM0lnZEdobElHUmxabUYxYkhRZ2NtOTFkR1VnYVc1MFpYSm1ZV05sSWdvZ0lHVjRhWFFnTVFwbWFRb0tDaU1nWjJWMElIUm9aU0JtZFd4c0lHaHZjM1J1WVcxbENrWlZURXhmU0U5VFZFNUJUVVU5SkNob2IzTjBibUZ0WlNBdFppa0tJeUJwWmlBdlpYUmpMMmh2YzNSdVlXMWxJR2x6SUc1dmRDQmxiWEIwZVNCMGFHVnVJSFZ6WlNCMGFHVWdhRzl6ZEc1aGJXVWdabkp2YlNCMGFHVnlaUXBwWmlCYklDMXpJQzlsZEdNdmFHOXpkRzVoYldVZ1hUc2dkR2hsYmdvZ0lFWlZURXhmU0U5VFZFNUJUVVU5SkNoallYUWdMMlYwWXk5b2IzTjBibUZ0WlNrS1pta0tDaU1nZDNKcGRHVWdkR2hsSUc1dlpHVnBjRjlsYm5ZZ1ptbHNaUW9qSUhkbElHNWxaV1FnZEdobElHeHBibVVnWW1Wc2IzY2dZbVZqWVhWelpTQm1iR0YwWTJGeUlHaGhjeUIwYUdVZ2MyRnRaU0J6ZEhKcGJtY2dJbU52Y21WdmN5SWdhVzRnZEdoaGRDQm1hV3hsQ21sbUlHZHlaWEFnTFhFZ1kyOXlaVzl6SUM5bGRHTXZiM010Y21Wc1pXRnpaUXAwYUdWdUNpQWdaV05vYnlBaVMxVkNSVXhGVkY5T1QwUkZYMGxRUFNSN1JFVkdRVlZNVkY5SlJrTmZTVkI5WEc1TFZVSkZURVZVWDBoUFUxUk9RVTFGUFNSN1JsVk1URjlJVDFOVVRrRk5SWDBpSUQ0Z0wyVjBZeTlyZFdKbGNtNWxkR1Z6TDI1dlpHVnBjQzVqYjI1bUNtVnNhV1lnV3lBaElDMWtJQzlsZEdNdmMzbHpkR1Z0WkM5emVYTjBaVzB2YTNWaVpXeGxkQzV6WlhKMmFXTmxMbVFnWFFwMGFHVnVDaUFnWldOb2IyUmhkR1VnSWtOaGJpZDBJR1pwYm1RZ2EzVmlaV3hsZENCelpYSjJhV05sSUdWNGRISmhjeUJrYVhKbFkzUnZjbmtpQ2lBZ1pYaHBkQ0F4Q21Wc2MyVUtJQ0JsWTJodklDMWxJQ0piVTJWeWRtbGpaVjFjYmtWdWRtbHliMjV0Wlc1MFBWd2lTMVZDUlV4RlZGOU9UMFJGWDBsUVBTUjdSRVZHUVZWTVZGOUpSa05mU1ZCOVhDSmNia1Z1ZG1seWIyNXRaVzUwUFZ3aVMxVkNSVXhGVkY5SVQxTlVUa0ZOUlQwa2UwWlZURXhmU0U5VFZFNUJUVVY5WENJaUlENGdMMlYwWXk5emVYTjBaVzFrTDNONWMzUmxiUzlyZFdKbGJHVjBMbk5sY25acFkyVXVaQzl1YjJSbGFYQXVZMjl1WmdwbWFRbz0KCi0gcGF0aDogJy9ldGMva3ViZXJuZXRlcy9wa2kvY2EuY3J0JwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVVlhha05EUVRCTFowRjNTVUpCWjBsS1FVeG1VbXhYYzBrNFdWRklUVUV3UjBOVGNVZFRTV0l6UkZGRlFrSlJWVUZOU0hONFEzcEJTa0puVGxZS1FrRlpWRUZzVmxSTlVYTjNRMUZaUkZaUlVVbEZkMHBFVVZSRlYwMUNVVWRCTVZWRlFuaE5UbFV5Um5WSlJWcDVXVmMxYW1GWVRtcGlla1ZWVFVKSlJ3cEJNVlZGUTJoTlRGRnVTbWhhUjFwd1pFaHdjR0p0VFhoRmFrRlJRbWRPVmtKQlRWUkRWM2gyV1RKR2MyRkhPWHBrUkVWa1RVSnpSME5UY1VkVFNXSXpDa1JSUlVwQlVsbFBXVzVLYUZwRlFtdFpWelZ1V1ZNMWFtSXlNSGRJYUdOT1RWUlJkMDU2UlRGTmFrRXdUbXBCTVZkb1kwNU5WR04zVGxSQk1FMXFRVEFLVG1wQk1WZHFRamROVVhOM1ExRlpSRlpSVVVkRmQwcFdWWHBGVEUxQmEwZEJNVlZGUTBKTlExRXdSWGhHYWtGVlFtZE9Wa0pCWTFSRVZrNW9ZbWxDUndwamJVWjFXVEpzZWxreU9IaEdSRUZUUW1kT1ZrSkJiMVJETUVwNVdWZFNiV0ZZVWpaaFZ6VnFUVkpKZDBWQldVUldVVkZFUlhkc2MySXlUbWhpUjJoMkNtTXpVWGhJVkVGaVFtZHJjV2hyYVVjNWR6QkNRMUZGVjBSdFNubFpWMUpCV2tkR2RWb3lSWFZaTWpsMFRVbEpRa2xxUVU1Q1oydHhhR3RwUnpsM01FSUtRVkZGUmtGQlQwTkJVVGhCVFVsSlFrTm5TME5CVVVWQmREVm1RV3B3TkdaVVkyVnJWMVZVWm5wemNEQnJlV2xvTVU5WlluTkhUREJMV0RGbFVtSlRVd3BTT0U5a01DczVVVFl5U0hsdWVTdEhSbmROVkdJMFFTOUxWVGh0YzNOdlNIWmpZMlZUUVVGaWQyWmllRVpMTHl0ek5URlViMkp4Vlc1UFVscHlUMjlVQ2xwcWExVjVaMko1V0VSVFN6azVXVUppWTFJeFVHbHdPSFozVFZSdE5GaExkVXgwUTJsblpVSkNaR3BxUVZGa1oxVlBNamhNUlU1SGJITk5ibTFsV1dzS1NtWlBSRlpIYmxadGNqVk1kR0k1UVU1Qk9FbExlVlJtYzI1SVNqUnBUME5UTDFCc1VHSlZhakp4TjFsdWIxWk1jRzl6VlVKTmJHZFZZaTlEZVd0WU13cHRUMjlNWWpSNVNrcFJlVUV2YVZOVU5scDRhVWxGYWpNMlJEUjVWMW8xYkdjM1dVcHNLMVZwYVVKUlNFZERibEJrUjNscGNIRldNRFpsZURCb1pWbFhDbU5oYVZjNFRGZGFVMVZST1ROcVVTdFhWa05JT0doVU4wUlJUekZrYlhOMlZXMVliSEV2U21WQmJIZFJMMUZKUkVGUlFVSnZORWhuVFVsSVpFMUNNRWNLUVRGVlpFUm5VVmRDUWxKalFWSlBkR2hUTkZBMFZUZDJWR1pxUW5sRE5UWTVVamRGTmtSRFFuSlJXVVJXVWpCcVFrbEhiRTFKUjJsblFsSmpRVkpQZEFwb1V6UlFORlUzZGxSbWFrSjVRelUyT1ZJM1JUWkxSaTl3U0RCM1pYcEZURTFCYTBkQk1WVkZRbWhOUTFaV1RYaERla0ZLUW1kT1ZrSkJaMVJCYTA1Q0NrMVNXWGRHUVZsRVZsRlJTRVYzTVZSWlZ6Um5VbTVLYUdKdFRuQmpNazUyVFZKUmQwVm5XVVJXVVZGTFJYZDBRMk50Um10YWJXd3daVzFzZFZsNlJWTUtUVUpCUjBFeFZVVkJlRTFLWWtjNWFsbFhlRzlpTTA0d1RWSXdkMGQzV1VwTGIxcEphSFpqVGtGUmEwSkdaelZwWTIxR2ExRkhVbWhpYldSb1RHMU9kZ3BpV1VsS1FVeG1VbXhYYzBrNFdWRklUVUYzUjBFeFZXUkZkMUZHVFVGTlFrRm1PSGRFVVZsS1MyOWFTV2gyWTA1QlVVVkdRbEZCUkdkblJVSkJSelpvQ2xVNVpqbHpUa2d3THpadlFtSkhSM2t5UlZaVk1GVm5TVlJWVVVseVJsZHZPWEpHYTNKWE5Xc3ZXR3RFYWxGdEt6TnNlbXBVTUdsSFVqUkplRVV2UVc4S1pWVTJjMUZvZFdFM2QzSlhaVVpGYmpRM1IwdzVPR3h1UTNOS1pFUTNiMXBPYUVadFVUazFWR0l2VEc1RVZXcHpOVmxxT1dKeVVEQk9WM3BZWmxsVk5BcFZTekphYmtsT1NsSmpTbkJDT0dsU1EyRkRlRVU0UkdSalZVWXdXSEZKUlhFMmNFRXlOekp6Ym05TWJXbFlURTEyVG13emExbEZaRzByYW1VMmRtOUVDalU0VTA1V1JWVnplblI2VVhsWWJVcEZhRU53ZDFaSk1FRTJVVU5xZWxocUszRjJjRzEzTTFwYVNHazRTbmRZWldrNFdscENURlJUUmtKcmFUaGFOMjRLYzBnNVFrSklNemd2VTNwVmJVRk9ORkZJVTFCNU1XZHFjVzB3TUU5QlJUaE9ZVmxFYTJndllucEZOR1EzYlV4SFIwMVhjQzlYUlROTFVGTjFPREpJUmdwclVHVTJXRzlUWW1sTWJTOXJlR3N6TWxRd1BRb3RMUzB0TFVWT1JDQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENnPT0KCi0gcGF0aDogJy9ldGMva3ViZXJuZXRlcy9ib290c3RyYXAta3ViZWxldC5jb25mJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgWVhCcFZtVnljMmx2YmpvZ2RqRUtZMngxYzNSbGNuTTZDaTBnWTJ4MWMzUmxjam9LSUNBZ0lHTmxjblJwWm1sallYUmxMV0YxZEdodmNtbDBlUzFrWVhSaE9pQk1VekIwVEZNeFExSlZaRXBVYVVKRVVsWktWVk5WV2twUk1FWlZVbE13ZEV4VE1IUkRhekZLVTFWU1NGSkZUa1JSVjJSRVdqQkdNMU5WU2tKYU1HeERVVlZTUWxSclNtNWhNMFp2WVRKc1NFOVlZM2RSYTBaU1l6QmFRbEpGUlRWVVZsSjZaREE1VWxkVlVsZFZWa1pGVWxod1MyVlhTWGxQVkVGTFZFWmtUMkZGZUhWVlZFNXFWak5TTkZwVlVsZGxSMUpFVGxkNGExZEZjREpaTUdSV1pFZFJlVlp1Y0d0U1JURXdWMWhyTVdFeGNGbFhXRlpvVFRGYWNGZHNhRXRrUm14WlZXNUNXbVZVVm5kWmJuQkNXbEZ3UjJSNlFqUlVNRkpDWlZVeFJWSllhRTVsYkZWNVZGVlNiMWxWV2pOTlNHeFFVa1ZHTkZSWWNFSmxSVEUyVmxSS1RsSkhhR2hVVlZGM1pVVTVObEZVVmtOYU1EVlhVV3RHVGxaRk1YVlRibHBwVFRGR01FTnNhM2xTV0ZaclVrZFNORmxVVGtkT1JUVlpVbXBDVFdKV1dYaFpNakExWkRGd1ZFMVVUbUZYUlRSM1ZGaHJlR0ZyZUhSVmJYaHJZVlJXZVZwR1pFdGlSMDUwVFZkb2ExSXllSEZVUnpGelpHc3hTbE5WU1V0VFYzQkNWR3RLYm1FelJtOWhNbXhJVDFoamQxRnJSbEpTVlZwQ1VWVTVSRkZXUlRSUlZURktVMVZLUkZvd2RFUlJWa1pHVVZoQk1sTkVXbGRPVkZwcFYxVm9NbEV5VmpaVVIzUjVXbXRzTmxSVVozaFpaM0J3WW5wamRsZHRSak5NTUhoTVVsaGpkMXBWV1hKVVJURXlUa1ZWY2t3eFJYWmFhMXB2WXpCb1JFc3lNVzlhVlhodVRWVm9XRlpXUWtkVlJrcHlUa1pDVWs5RVZuUlJVemd3WkVkd2NHSlhjRlJWUlZwRlEyMXpNbFV3YkhSbGEzUkhWRVpzVWxvelpFUmFNbVJ3Vm5wb1QwMXRhRkJMZW13MlkydEtWbEZWZUV0U2EyUkRUbXBTZGxReVRtbFJiVzh5VWxoSmRrc3dOWE5WUldSS1RURktVMVl4Wkd0aFZWWlZWakJaUzFZeGJFUk9SM0J0VTIxd2FWSnFWbEZaYm13MVYwVm9kV013Wkcxa1JrNVBWMVp3UTFSRVkzaFdlbVJ2VDFkd1RWWXpRalZXVm1STVZFUmFZVmRWUms5a01GSlFWR3BLVTFsdVFUTmtTRUl4WkhwQ1dVNW5jSEpoZVhOM1VWWmFNMVp1Y0hKTmVrRnlWRlUxTm1KWFdURk5TRVl6U3pJNE5FMVVhR2xhYTNoV1VrZDBhRlJyTVcxVVJrMHlVMVJDTTFWWE1ETlZhMlJ1U3pBeGJsWnNTa1ZsVkU1RVpGWnNlRnByYkZoRGJHdDVaVzVuTWxsNlpGRmpXSEJIWXpGYVYxcHJiSGxaVkVKcFRVaEdhR1JGTlhOTlZtaEpZV3BvTUVzd1pFOWpWMUpwWVZSSmRsSnNSbkZSTTJod1lrWlNUMlJYTlRCV1JFNHlaVlJLYkZRd2FGSlRWVkZMVVZaR1FsRnRPVFZVV0dSS1ZrVkdVRkZ0WkU5V2EyaFNUMFZLUWxwcWFFWlJhMFpPVVRCR2VGVllaRVZrTVd4RlZteEpkMVpGUmxKVFF6bERVVlpXTTFGWVpFWlJhVGsyVVZVMVExb3lkSGhoUjNSd1VuZHZOV1I2UWtOUlZrWjZVbXRHUWxRd1RrSlZWVlpDVTFjeFJtSnJiRmxXYWs1RlpWY3hSR05VYkhoVlJHUjNTek5XUzA1VVZqRmFiR2hyWVRGSmVWb3lhRVZXVm14NVZrWlNhbFZJWkhGVmFrcHhWa1ZvYUVOdGJHRlJVM1J1VDBjME1sVllTbFppTUU1RlRtNU9ObEo1ZEhOaFIwWnpUakpvVVU1dWFHdFdNMVpUWVd4b1IxTkZPRE5aYXpVeVRtcE9TbU5WVmtobGJFcEZXak5qTVZvelpHcGpWbFpWVjJ0V01tUXlZMHRhTWpFMlRucFZOV1I1T1doU2JWbDRWbXBGZVdGRVJtaGFiRUowVVZSc1JsSjZWazlhUldnMFl6Tm5OVkZYZUVsTE1Ga3laRWhzZW1OSVFsaGhSbFUwVjBWV1VsWlZSa3hSTVVKeFltNWtWbUpWY3pCalFXOHpXak5hVlZkdVNYbGxibTh3WW01a2IxZHRPSHBVUkdjMVRVUk9lR05JVW1walZFWnpWMnBTVUZkWVRrVmlNV2gyWWtSR01XVnRSbEpUUkdkNVpVaHNNMXBXVGt4Uk1IUlpZMFU1YVdGWWNHeE9WbTkzUTI1a2QySnRjR3RTU0ZaSlQwUmtORTVJU1RCVVIzQk9WMjVDTVUweldsbE9hM2h4VVd0U1RsVkdaSEpUUldoUlZHcFdRbUZYTUhoVGEzZ3dUbms1VTFSR1FtNVdTRkp4WXpCd1RtTnNVa0pWZW1SdldqRnZTMXByZEUxVVJHeFNWRlpHYzA1dVRYaGphMmhMVGtWMGNrd3lWVE5UTUdNMFUwVkZNR0ZGVms5U1YyaHlUMVpzUlZwc1JUbFFVVzkwVEZNd2RFeFZWazlTUTBKRVVsWktWVk5WV2twUk1FWlZVbE13ZEV4VE1IUkRaejA5Q2lBZ0lDQnpaWEoyWlhJNklHaDBkSEJ6T2k4dlptOXZMbUpoY2pvMk5EUXpDaUFnYm1GdFpUb2dZd3BqYjI1MFpYaDBjem9LTFNCamIyNTBaWGgwT2dvZ0lDQWdZMngxYzNSbGNqb2dZd29nSUNBZ2RYTmxjam9nWXdvZ0lHNWhiV1U2SUdNS1kzVnljbVZ1ZEMxamIyNTBaWGgwT2lCakNtdHBibVE2SUVOdmJtWnBad3B3Y21WbVpYSmxibU5sY3pvZ2UzMEtkWE5sY25NNkNpMGdibUZ0WlRvZ1l3b2dJSFZ6WlhJNkNpQWdJQ0IwYjJ0bGJqb2dkR1Z6ZEM1MFpYTjBDZ289CgotIHBhdGg6ICcvZXRjL3N5c3RlbWQvc3lzdGVtL3NldHVwLnNlcnZpY2UnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMGx1YzNSaGJHeGRDbGRoYm5SbFpFSjVQVzExYkhScExYVnpaWEl1ZEdGeVoyVjBDZ3BiVlc1cGRGMEtVbVZ4ZFdseVpYTTlibVYwZDI5eWF5MXZibXhwYm1VdWRHRnlaMlYwQ2tGbWRHVnlQVzVsZEhkdmNtc3RiMjVzYVc1bExuUmhjbWRsZEFvS1cxTmxjblpwWTJWZENsUjVjR1U5YjI1bGMyaHZkQXBTWlcxaGFXNUJablJsY2tWNGFYUTlkSEoxWlFwRmJuWnBjbTl1YldWdWRFWnBiR1U5TFM5bGRHTXZaVzUyYVhKdmJtMWxiblFLUlhobFkxTjBZWEowUFM5dmNIUXZZbWx1TDNOMWNHVnlkbWx6WlM1emFDQXZiM0IwTDJKcGJpOXpaWFIxY0FvPQoKLSBwYXRoOiAnL2V0Yy9wcm9maWxlLmQvb3B0LWJpbi1wYXRoLnNoJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgWlhod2IzSjBJRkJCVkVnOUlpOXZjSFF2WW1sdU9pUlFRVlJJSWdvPQoKLSBwYXRoOiAnL2V0Yy9rdWJlcm5ldGVzL2t1YmVsZXQuY29uZicKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIFlYQnBWbVZ5YzJsdmJqb2dhM1ZpWld4bGRDNWpiMjVtYVdjdWF6aHpMbWx2TDNZeFltVjBZVEVLYTJsdVpEb2dTM1ZpWld4bGRFTnZibVpwWjNWeVlYUnBiMjRLWVhWMGFHVnVkR2xqWVhScGIyNDZDaUFnWVc1dmJubHRiM1Z6T2dvZ0lDQWdaVzVoWW14bFpEb2dabUZzYzJVS0lDQjNaV0pvYjI5ck9nb2dJQ0FnWlc1aFlteGxaRG9nZEhKMVpRb2dJSGcxTURrNkNpQWdJQ0JqYkdsbGJuUkRRVVpwYkdVNklDOWxkR012YTNWaVpYSnVaWFJsY3k5d2Eya3ZZMkV1WTNKMENtRjFkR2h2Y21sNllYUnBiMjQ2Q2lBZ2JXOWtaVG9nVjJWaWFHOXZhd3BqWjNKdmRYQkVjbWwyWlhJNklITjVjM1JsYldRS1kyeDFjM1JsY2tST1V6b0tMU0FpTVRBdU1DNHdMakFpQ21Oc2RYTjBaWEpFYjIxaGFXNDZJR05zZFhOMFpYSXViRzlqWVd3S1kyOXVkR0ZwYm1WeVRHOW5UV0Y0VTJsNlpUb2dNekF3VFdrS1kyOXVkR0ZwYm1WeVRHOW5UV0Y0Um1sc1pYTTZJRE13Q21abFlYUjFjbVZIWVhSbGN6b0tJQ0JIY21GalpXWjFiRTV2WkdWVGFIVjBaRzkzYmpvZ2RISjFaUW9nSUVsa1pXNTBhV1o1VUc5a1QxTTZJR1poYkhObENuQnliM1JsWTNSTFpYSnVaV3hFWldaaGRXeDBjem9nZEhKMVpRcHlaV0ZrVDI1c2VWQnZjblE2SURBS2NtOTBZWFJsUTJWeWRHbG1hV05oZEdWek9pQjBjblZsQ25ObGNuWmxjbFJNVTBKdmIzUnpkSEpoY0RvZ2RISjFaUXB6ZEdGMGFXTlFiMlJRWVhSb09pQXZaWFJqTDJ0MVltVnlibVYwWlhNdmJXRnVhV1psYzNSekNtdDFZbVZTWlhObGNuWmxaRG9LSUNCamNIVTZJRE13YlFvZ0lHVndhR1Z0WlhKaGJDMXpkRzl5WVdkbE9pQXpNRWRwQ25ONWMzUmxiVkpsYzJWeWRtVmtPZ29nSUdOd2RUb2dNekJ0Q2lBZ1pYQm9aVzFsY21Gc0xYTjBiM0poWjJVNklETXdSMmtLWlhacFkzUnBiMjVJWVhKa09nb2dJRzFsYlc5eWVTNWhkbUZwYkdGaWJHVTZJRE13VFdrS2JXRjRVRzlrY3pvZ01URXdDblJzYzBOcGNHaGxjbE4xYVhSbGN6b0tMU0JVVEZOZlFVVlRYekV5T0Y5SFEwMWZVMGhCTWpVMkNpMGdWRXhUWDBGRlUxOHlOVFpmUjBOTlgxTklRVE00TkFvdElGUk1VMTlEU0VGRFNFRXlNRjlRVDB4Wk1UTXdOVjlUU0VFeU5UWUtMU0JVVEZOZlJVTkVTRVZmUlVORVUwRmZWMGxVU0Y5QlJWTmZNVEk0WDBkRFRWOVRTRUV5TlRZS0xTQlVURk5mUlVORVNFVmZSVU5FVTBGZlYwbFVTRjlCUlZOZk1qVTJYMGREVFY5VFNFRXpPRFFLTFNCVVRGTmZSVU5FU0VWZlJVTkVVMEZmVjBsVVNGOURTRUZEU0VFeU1GOVFUMHhaTVRNd05Rb3RJRlJNVTE5RlEwUklSVjlTVTBGZlYwbFVTRjlCUlZOZk1USTRYMGREVFY5VFNFRXlOVFlLTFNCVVRGTmZSVU5FU0VWZlVsTkJYMWRKVkVoZlFVVlRYekkxTmw5SFEwMWZVMGhCTXpnMENpMGdWRXhUWDBWRFJFaEZYMUpUUVY5WFNWUklYME5JUVVOSVFUSXdYMUJQVEZreE16QTFDblp2YkhWdFpWQnNkV2RwYmtScGNqb2dMM1poY2k5c2FXSXZhM1ZpWld4bGRDOTJiMngxYldWd2JIVm5hVzV6Q2c9PQoKLSBwYXRoOiAnL2V0Yy9zeXN0ZW1kL3N5c3RlbS9rdWJlbGV0LWhlYWx0aGNoZWNrLnNlcnZpY2UnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMVZ1YVhSZENsSmxjWFZwY21WelBXdDFZbVZzWlhRdWMyVnlkbWxqWlFwQlpuUmxjajFyZFdKbGJHVjBMbk5sY25acFkyVUtDbHRUWlhKMmFXTmxYUXBGZUdWalUzUmhjblE5TDI5d2RDOWlhVzR2YUdWaGJIUm9MVzF2Ym1sMGIzSXVjMmdnYTNWaVpXeGxkQW9LVzBsdWMzUmhiR3hkQ2xkaGJuUmxaRUo1UFcxMWJIUnBMWFZ6WlhJdWRHRnlaMlYwQ2c9PQoKLSBwYXRoOiAnL29wdC9kaXNhYmxlLXN3YXAuc2gnCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2ZFhOeUwySnBiaTlsYm5ZZ1ltRnphQXB6WlhRZ0xXVjFieUJ3YVhCbFptRnBiQW9LSXlCTllXdGxJSE4xY21VZ2QyVWdZV3gzWVhseklHUnBjMkZpYkdVZ2MzZGhjQ0F0SUU5MGFHVnlkMmx6WlNCMGFHVWdhM1ZpWld4bGRDQjNiMjRuZENCemRHRnlkQ0JoY3lCbWIzSWdjMjl0WlNCamJHOTFaQW9qSUhCeWIzWnBaR1Z5Y3lCemQyRndJR2RsZEhNZ1pXNWhZbXhsWkNCdmJpQnlaV0p2YjNRZ2IzSWdZV1owWlhJZ2RHaGxJSE5sZEhWd0lITmpjbWx3ZENCb1lYTWdabWx1YVhOb1pXUWdaWGhsWTNWMGFXNW5MZ3B6WldRZ0xXa3ViM0pwWnlBbkx5NHFjM2RoY0M0cUwyUW5JQzlsZEdNdlpuTjBZV0lLYzNkaGNHOW1aaUF0WVFvPQoKLSBwYXRoOiAnL2V0Yy9jcmljdGwueWFtbCcKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgY29udGVudDogfC0KICAgIHJ1bnRpbWUtZW5kcG9pbnQ6IHVuaXg6Ly8vcnVuL2NvbnRhaW5lcmQvY29udGFpbmVyZC5zb2NrCiAgICAKCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9zeXN0ZW0vY29udGFpbmVyZC5zZXJ2aWNlLmQvZW52aXJvbm1lbnQuY29uZicKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgY29udGVudDogfC0KICAgIFtTZXJ2aWNlXQogICAgUmVzdGFydD1hbHdheXMKICAgIEVudmlyb25tZW50RmlsZT0tL2V0Yy9lbnZpcm9ubWVudAogICAgCgotIHBhdGg6ICcvZXRjL2NvbnRhaW5lcmQvY29uZmlnLnRvbWwnCiAgcGVybWlzc2lvbnM6ICcwNjAwJwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBkbVZ5YzJsdmJpQTlJRElLQ2x0dFpYUnlhV056WFFwaFpHUnlaWE56SUQwZ0lqRXlOeTR3TGpBdU1Ub3hNek00SWdvS1czQnNkV2RwYm5OZENsdHdiSFZuYVc1ekxpSnBieTVqYjI1MFlXbHVaWEprTG1keWNHTXVkakV1WTNKcElsMEtjMkZ1WkdKdmVGOXBiV0ZuWlNBOUlDSXhPVEl1TVRZNExqRXdNQzR4TURBNk5UQXdNQzlyZFdKbGNtNWxkR1Z6TDNCaGRYTmxPbll6TGpFaUNsdHdiSFZuYVc1ekxpSnBieTVqYjI1MFlXbHVaWEprTG1keWNHTXVkakV1WTNKcElpNWpiMjUwWVdsdVpYSmtYUXBiY0d4MVoybHVjeTRpYVc4dVkyOXVkR0ZwYm1WeVpDNW5jbkJqTG5ZeExtTnlhU0l1WTI5dWRHRnBibVZ5WkM1eWRXNTBhVzFsYzEwS1czQnNkV2RwYm5NdUltbHZMbU52Ym5SaGFXNWxjbVF1WjNKd1l5NTJNUzVqY21raUxtTnZiblJoYVc1bGNtUXVjblZ1ZEdsdFpYTXVjblZ1WTEwS2NuVnVkR2x0WlY5MGVYQmxJRDBnSW1sdkxtTnZiblJoYVc1bGNtUXVjblZ1WXk1Mk1pSUtXM0JzZFdkcGJuTXVJbWx2TG1OdmJuUmhhVzVsY21RdVozSndZeTUyTVM1amNta2lMbU52Ym5SaGFXNWxjbVF1Y25WdWRHbHRaWE11Y25WdVl5NXZjSFJwYjI1elhRcFRlWE4wWlcxa1EyZHliM1Z3SUQwZ2RISjFaUXBiY0d4MVoybHVjeTRpYVc4dVkyOXVkR0ZwYm1WeVpDNW5jbkJqTG5ZeExtTnlhU0l1Y21WbmFYTjBjbmxkQ2x0d2JIVm5hVzV6TGlKcGJ5NWpiMjUwWVdsdVpYSmtMbWR5Y0dNdWRqRXVZM0pwSWk1eVpXZHBjM1J5ZVM1dGFYSnliM0p6WFFwYmNHeDFaMmx1Y3k0aWFXOHVZMjl1ZEdGcGJtVnlaQzVuY25CakxuWXhMbU55YVNJdWNtVm5hWE4wY25rdWJXbHljbTl5Y3k0aVpHOWphMlZ5TG1sdklsMEtaVzVrY0c5cGJuUWdQU0JiSW1oMGRIQnpPaTh2Y21WbmFYTjBjbmt1Wkc5amEyVnlMV051TG1OdmJTSmRDbHR3YkhWbmFXNXpMaUpwYnk1amIyNTBZV2x1WlhKa0xtZHljR011ZGpFdVkzSnBJaTV5WldkcGMzUnllUzVqYjI1bWFXZHpYUXBiY0d4MVoybHVjeTRpYVc4dVkyOXVkR0ZwYm1WeVpDNW5jbkJqTG5ZeExtTnlhU0l1Y21WbmFYTjBjbmt1WTI5dVptbG5jeTRpTVRBdU1DNHdMakU2TlRBd01DSmRDbHR3YkhWbmFXNXpMaUpwYnk1amIyNTBZV2x1WlhKa0xtZHljR011ZGpFdVkzSnBJaTV5WldkcGMzUnllUzVqYjI1bWFXZHpMaUl4TUM0d0xqQXVNVG8xTURBd0lpNTBiSE5kQ21sdWMyVmpkWEpsWDNOcmFYQmZkbVZ5YVdaNUlEMGdkSEoxWlFwYmNHeDFaMmx1Y3k0aWFXOHVZMjl1ZEdGcGJtVnlaQzVuY25CakxuWXhMbU55YVNJdWNtVm5hWE4wY25rdVkyOXVabWxuY3k0aU1Ua3lMakUyT0M0eE1EQXVNVEF3T2pVd01EQWlYUXBiY0d4MVoybHVjeTRpYVc4dVkyOXVkR0ZwYm1WeVpDNW5jbkJqTG5ZeExtTnlhU0l1Y21WbmFYTjBjbmt1WTI5dVptbG5jeTRpTVRreUxqRTJPQzR4TURBdU1UQXdPalV3TURBaUxuUnNjMTBLYVc1elpXTjFjbVZmYzJ0cGNGOTJaWEpwWm5rZ1BTQjBjblZsQ2dvPQo= +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: kubelet-configuration-kube-system-provisioning-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-kubelet-configuration-docker-bootstrap.yaml b/pkg/controllers/osc/testdata/secret-kubelet-configuration-docker-bootstrap.yaml index e69de29b..948cd44f 100644 --- a/pkg/controllers/osc/testdata/secret-kubelet-configuration-docker-bootstrap.yaml +++ b/pkg/controllers/osc/testdata/secret-kubelet-configuration-docker-bootstrap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiBubwpzc2hfYXV0aG9yaXplZF9rZXlzOgotICdzc2gtcnNhIEFBQUFCM056YUMxeWMyRUFBQUFEQVFBQkFBQUNBUURkT0loWW16Q0s1RFNWTHUzYycKd3JpdGVfZmlsZXM6Ci0gcGF0aDogJy9vcHQvYmluL2Jvb3RzdHJhcCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZZbWx1TDJKaGMyZ0tjMlYwSUMxNFpYVnZJSEJwY0dWbVlXbHNDZ3BsZUhCdmNuUWdSRVZDU1VGT1gwWlNUMDVVUlU1RVBXNXZibWx1ZEdWeVlXTjBhWFpsQ21Gd2RDQjFjR1JoZEdVZ0ppWWdZWEIwSUdsdWMzUmhiR3dnTFhrZ1kzVnliQ0JxY1FwamRYSnNJQzF6SUMxcklDMTJJQzB0YUdWaFpHVnlJQ2RCZFhSb2IzSnBlbUYwYVc5dU9pQkNaV0Z5WlhJZ2RHOXdMWE5sWTNKbGRDY0phSFIwY0hNNkx5OW1iMjh1WW1GeU9qWTBORE12WVhCcEwzWXhMMjVoYldWemNHRmpaWE12WTJ4dmRXUXRhVzVwZEMxelpYUjBhVzVuY3k5elpXTnlaWFJ6TDJ0MVltVnNaWFF0WTI5dVptbG5kWEpoZEdsdmJpMXJkV0psTFhONWMzUmxiUzF3Y205MmFYTnBiMjVwYm1jdFkyOXVabWxuSUh3Z2FuRWdKeTVrWVhSaFd5SmpiRzkxWkMxamIyNW1hV2NpWFNjZ0xYSjhJR0poYzJVMk5DQXRaQ0ErSUM5bGRHTXZZMnh2ZFdRdlkyeHZkV1F1WTJabkxtUXZhM1ZpWld4bGRDMWpiMjVtYVdkMWNtRjBhVzl1TFd0MVltVXRjM2x6ZEdWdExYQnliM1pwYzJsdmJtbHVaeTFqYjI1bWFXY3VZMlpuQ21Oc2IzVmtMV2x1YVhRZ1kyeGxZVzRLWTJ4dmRXUXRhVzVwZENBdExXWnBiR1VnTDJWMFl5OWpiRzkxWkM5amJHOTFaQzVqWm1jdVpDOXJkV0psYkdWMExXTnZibVpwWjNWeVlYUnBiMjR0YTNWaVpTMXplWE4wWlcwdGNISnZkbWx6YVc5dWFXNW5MV052Ym1acFp5NWpabWNnYVc1cGRBcHplWE4wWlcxamRHd2daR0ZsYlc5dUxYSmxiRzloWkFvS2MzbHpkR1Z0WTNSc0lISmxjM1JoY25RZ2MyVjBkWEF1YzJWeWRtbGpaUW89CgotIHBhdGg6ICcvZXRjL3N5c3RlbWQvc3lzdGVtL2Jvb3RzdHJhcC5zZXJ2aWNlJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdlltbHVMMkpoYzJnS1cwbHVjM1JoYkd4ZENsZGhiblJsWkVKNVBXMTFiSFJwTFhWelpYSXVkR0Z5WjJWMENncGJWVzVwZEYwS1VtVnhkV2x5WlhNOWJtVjBkMjl5YXkxdmJteHBibVV1ZEdGeVoyVjBDa0ZtZEdWeVBXNWxkSGR2Y21zdGIyNXNhVzVsTG5SaGNtZGxkQXBiVTJWeWRtbGpaVjBLVkhsd1pUMXZibVZ6YUc5MENsSmxiV0ZwYmtGbWRHVnlSWGhwZEQxMGNuVmxDa1Y0WldOVGRHRnlkRDB2YjNCMEwySnBiaTlpYjI5MGMzUnlZWEFLCgpydW5jbWQ6Ci0gc3lzdGVtY3RsIHJlc3RhcnQgYm9vdHN0cmFwLnNlcnZpY2UKLSBzeXN0ZW1jdGwgZGFlbW9uLXJlbG9hZAo= +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: kubelet-configuration-kube-system-bootstrap-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-kubelet-configuration-docker-provisioning.yaml b/pkg/controllers/osc/testdata/secret-kubelet-configuration-docker-provisioning.yaml index e69de29b..0f8eaba2 100644 --- a/pkg/controllers/osc/testdata/secret-kubelet-configuration-docker-provisioning.yaml +++ b/pkg/controllers/osc/testdata/secret-kubelet-configuration-docker-provisioning.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiBubwpzc2hfYXV0aG9yaXplZF9rZXlzOgotICdzc2gtcnNhIEFBQUFCM056YUMxeWMyRUFBQUFEQVFBQkFBQUNBUURkT0loWW16Q0s1RFNWTHUzYycKd3JpdGVfZmlsZXM6Ci0gcGF0aDogJy9vcHQvYmluL2hlYWx0aC1tb25pdG9yLnNoJwogIHBlcm1pc3Npb25zOiAnMDc1NScKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdmRYTnlMMkpwYmk5bGJuWWdZbUZ6YUFvS0l5QkRiM0I1Y21sbmFIUWdNakF4TmlCVWFHVWdTM1ZpWlhKdVpYUmxjeUJCZFhSb2IzSnpMZ29qQ2lNZ1RHbGpaVzV6WldRZ2RXNWtaWElnZEdobElFRndZV05vWlNCTWFXTmxibk5sTENCV1pYSnphVzl1SURJdU1DQW9kR2hsSUNKTWFXTmxibk5sSWlrN0NpTWdlVzkxSUcxaGVTQnViM1FnZFhObElIUm9hWE1nWm1sc1pTQmxlR05sY0hRZ2FXNGdZMjl0Y0d4cFlXNWpaU0IzYVhSb0lIUm9aU0JNYVdObGJuTmxMZ29qSUZsdmRTQnRZWGtnYjJKMFlXbHVJR0VnWTI5d2VTQnZaaUIwYUdVZ1RHbGpaVzV6WlNCaGRBb2pDaU1nSUNBZ0lHaDBkSEE2THk5M2QzY3VZWEJoWTJobExtOXlaeTlzYVdObGJuTmxjeTlNU1VORlRsTkZMVEl1TUFvakNpTWdWVzVzWlhOeklISmxjWFZwY21Wa0lHSjVJR0Z3Y0d4cFkyRmliR1VnYkdGM0lHOXlJR0ZuY21WbFpDQjBieUJwYmlCM2NtbDBhVzVuTENCemIyWjBkMkZ5WlFvaklHUnBjM1J5YVdKMWRHVmtJSFZ1WkdWeUlIUm9aU0JNYVdObGJuTmxJR2x6SUdScGMzUnlhV0oxZEdWa0lHOXVJR0Z1SUNKQlV5QkpVeUlnUWtGVFNWTXNDaU1nVjBsVVNFOVZWQ0JYUVZKU1FVNVVTVVZUSUU5U0lFTlBUa1JKVkVsUFRsTWdUMFlnUVU1WklFdEpUa1FzSUdWcGRHaGxjaUJsZUhCeVpYTnpJRzl5SUdsdGNHeHBaV1F1Q2lNZ1UyVmxJSFJvWlNCTWFXTmxibk5sSUdadmNpQjBhR1VnYzNCbFkybG1hV01nYkdGdVozVmhaMlVnWjI5MlpYSnVhVzVuSUhCbGNtMXBjM05wYjI1eklHRnVaQW9qSUd4cGJXbDBZWFJwYjI1eklIVnVaR1Z5SUhSb1pTQk1hV05sYm5ObExnb0tJeUJVYUdseklITmpjbWx3ZENCcGN5Qm1iM0lnYldGemRHVnlJR0Z1WkNCdWIyUmxJR2x1YzNSaGJtTmxJR2hsWVd4MGFDQnRiMjVwZEc5eWFXNW5MQ0IzYUdsamFDQnBjd29qSUhCaFkydGxaQ0JwYmlCcmRXSmxMVzFoYm1sbVpYTjBJSFJoY21KaGJHd3VJRWwwSUdseklHVjRaV04xZEdWa0lIUm9jbTkxWjJnZ1lTQnplWE4wWlcxa0lITmxjblpwWTJVS0l5QnBiaUJqYkhWemRHVnlMMmRqWlM5blkya3ZQRzFoYzNSbGNpOXViMlJsUGk1NVlXMXNMaUJVYUdVZ1pXNTJJSFpoY21saFlteGxjeUJqYjIxbElHWnliMjBnWVc0Z1pXNTJDaU1nWm1sc1pTQndjbTkyYVdSbFpDQmllU0IwYUdVZ2MzbHpkR1Z0WkNCelpYSjJhV05sTGdvS0l5QlVhR2x6SUhOamNtbHdkQ0JwY3lCaElITnNhV2RvZEd4NUlHRmthblZ6ZEdWa0lIWmxjbk5wYjI0Z2IyWUtJeUJvZEhSd2N6b3ZMMmRwZEdoMVlpNWpiMjB2YTNWaVpYSnVaWFJsY3k5cmRXSmxjbTVsZEdWekwySnNiMkl2WlRGaE1XRmhNakV4TWpJMFptTmtPV0l5TVRNME1qQmlPREJpTW1GbE5qZ3dOalk1TmpnelpDOWpiSFZ6ZEdWeUwyZGpaUzluWTJrdmFHVmhiSFJvTFcxdmJtbDBiM0l1YzJnS0l5QkJaR3AxYzNSdFpXNTBjeUJoY21VNkNpTWdLaUJMZFdKbGJHVjBJR2hsWVd4MGFDQndiM0owSUdseklERXdNalE0SUc1dmRDQXhNREkxTlFvaklDb2dVbVZ0YjNaaGJDQnZaaUJoYkd3Z1lXeHNJSEpsWm1WeVpXNWpaWE1nZEc4Z2RHaGxJRXRWUWtWZlJVNVdJR1pwYkdVS0NuTmxkQ0F0YnlCdWIzVnVjMlYwQ25ObGRDQXRieUJ3YVhCbFptRnBiQW9LSXlCWFpTQnphVzF3YkhrZ2EybHNiQ0IwYUdVZ2NISnZZMlZ6Y3lCM2FHVnVJSFJvWlhKbElHbHpJR0VnWm1GcGJIVnlaUzRnUVc1dmRHaGxjaUJ6ZVhOMFpXMWtJSE5sY25acFkyVWdkMmxzYkFvaklHRjFkRzl0WVhScFkyRnNiSGtnY21WemRHRnlkQ0IwYUdVZ2NISnZZMlZ6Y3k0S1puVnVZM1JwYjI0Z1kyOXVkR0ZwYm1WeVgzSjFiblJwYldWZmJXOXVhWFJ2Y21sdVp5Z3BJSHNLSUNCc2IyTmhiQ0F0Y2lCdFlYaGZZWFIwWlcxd2RITTlOUW9nSUd4dlkyRnNJR0YwZEdWdGNIUTlNUW9nSUd4dlkyRnNJQzF5SUdOdmJuUmhhVzVsY2w5eWRXNTBhVzFsWDI1aGJXVTlJaVI3UTA5T1ZFRkpUa1ZTWDFKVlRsUkpUVVZmVGtGTlJUb3RaRzlqYTJWeWZTSUtJQ0FqSUZkbElITjBhV3hzSUc1bFpXUWdkRzhnZFhObElDZGtiMk5yWlhJZ2NITW5JSGRvWlc0Z1kyOXVkR0ZwYm1WeUlISjFiblJwYldVZ2FYTWdJbVJ2WTJ0bGNpSXVJRlJvYVhNZ2FYTWdZbVZqWVhWelpRb2dJQ01nWkc5amEyVnljMmhwYlNCcGN5QnpkR2xzYkNCd1lYSjBJRzltSUd0MVltVnNaWFFnZEc5a1lYa3VJRmRvWlc0Z2EzVmlaV3hsZENCcGN5QmtiM2R1TENCamNtbGpkR3dnY0c5a2N3b2dJQ01nZDJsc2JDQmhiSE52SUdaaGFXd3NJR0Z1WkNCa2IyTnJaWElnZDJsc2JDQmlaU0JyYVd4c1pXUXVJRlJvYVhNZ2FYTWdkVzVrWlhOcGNtRmliR1VnWlhOd1pXTnBZV3hzZVNCM2FHVnVDaUFnSXlCa2IyTnJaWElnYkdsMlpTQnlaWE4wYjNKbElHbHpJR1JwYzJGaWJHVmtMZ29nSUd4dlkyRnNJR2hsWVd4MGFHTm9aV05yWDJOdmJXMWhibVE5SW1SdlkydGxjaUJ3Y3lJS0lDQnBaaUJiV3lBaUpIdERUMDVVUVVsT1JWSmZVbFZPVkVsTlJUb3RaRzlqYTJWeWZTSWdJVDBnSW1SdlkydGxjaUlnWFYwN0lIUm9aVzRLSUNBZ0lHaGxZV3gwYUdOb1pXTnJYMk52YlcxaGJtUTlJbU55YVdOMGJDQndiMlJ6SWdvZ0lHWnBDaUFnSXlCRGIyNTBZV2x1WlhJZ2NuVnVkR2x0WlNCemRHRnlkSFZ3SUhSaGEyVnpJSFJwYldVdUlFMWhhMlVnYVc1cGRHbGhiQ0JoZEhSbGJYQjBjeUJpWldadmNtVWdjM1JoY25ScGJtY0tJQ0FqSUd0cGJHeHBibWNnZEdobElHTnZiblJoYVc1bGNpQnlkVzUwYVcxbExnb2dJSFZ1ZEdsc0lIUnBiV1Z2ZFhRZ05qQWdKSHRvWldGc2RHaGphR1ZqYTE5amIyMXRZVzVrZlNBK0lDOWtaWFl2Ym5Wc2JEc2daRzhLSUNBZ0lHbG1JQ2dvWVhSMFpXMXdkQ0E5UFNCdFlYaGZZWFIwWlcxd2RITXBLVHNnZEdobGJnb2dJQ0FnSUNCbFkyaHZJQ0pOWVhnZ1lYUjBaVzF3ZENBa2UyMWhlRjloZEhSbGJYQjBjMzBnY21WaFkyaGxaQ0VnVUhKdlkyVmxaR2x1WnlCMGJ5QnRiMjVwZEc5eUlHTnZiblJoYVc1bGNpQnlkVzUwYVcxbElHaGxZV3gwYUdsdVpYTnpMaUlLSUNBZ0lDQWdZbkpsWVdzS0lDQWdJR1pwQ2lBZ0lDQmxZMmh2SUNJa1lYUjBaVzF3ZENCcGJtbDBhV0ZzSUdGMGRHVnRjSFFnWENJa2UyaGxZV3gwYUdOb1pXTnJYMk52YlcxaGJtUjlYQ0loSUZSeWVXbHVaeUJoWjJGcGJpQnBiaUFrWVhSMFpXMXdkQ0J6WldOdmJtUnpMaTR1SWdvZ0lDQWdjMnhsWlhBZ0lpUW9LRElnS2lvZ1lYUjBaVzF3ZENzcktTa2lDaUFnWkc5dVpRb2dJSGRvYVd4bElIUnlkV1U3SUdSdkNpQWdJQ0JwWmlBaElIUnBiV1Z2ZFhRZ05qQWdKSHRvWldGc2RHaGphR1ZqYTE5amIyMXRZVzVrZlNBK0lDOWtaWFl2Ym5Wc2JEc2dkR2hsYmdvZ0lDQWdJQ0JsWTJodklDSkRiMjUwWVdsdVpYSWdjblZ1ZEdsdFpTQWtlMk52Ym5SaGFXNWxjbDl5ZFc1MGFXMWxYMjVoYldWOUlHWmhhV3hsWkNFaUNpQWdJQ0FnSUdsbUlGdGJJQ0lrWTI5dWRHRnBibVZ5WDNKMWJuUnBiV1ZmYm1GdFpTSWdQVDBnSW1SdlkydGxjaUlnWFYwN0lIUm9aVzRLSUNBZ0lDQWdJQ0FqSUVSMWJYQWdjM1JoWTJzZ2IyWWdaRzlqYTJWeUlHUmhaVzF2YmlCbWIzSWdhVzUyWlhOMGFXZGhkR2x2Ymk0S0lDQWdJQ0FnSUNBaklFeHZaeUJtYVd4bElHNWhiV1VnYkc5dmEzTWdiR2xyWlNCbmIzSnZkWFJwYm1VdGMzUmhZMnR6TFZSSlRVVlRWRUZOVUNCaGJtUWdkMmxzYkNCaVpTQnpZWFpsWkNCMGJ3b2dJQ0FnSUNBZ0lDTWdkR2hsSUdWNFpXTWdjbTl2ZENCa2FYSmxZM1J2Y25rc0lIZG9hV05vSUdseklDOTJZWEl2Y25WdUwyUnZZMnRsY2k4Z2IyNGdWV0oxYm5SMUlHRnVaQ0JEVDFNdUNpQWdJQ0FnSUNBZ2NHdHBiR3dnTFZOSlIxVlRVakVnWkc5amEyVnlaQW9nSUNBZ0lDQm1hUW9nSUNBZ0lDQnplWE4wWlcxamRHd2dhMmxzYkNBdExXdHBiR3d0ZDJodlBXMWhhVzRnSWlSN1kyOXVkR0ZwYm1WeVgzSjFiblJwYldWZmJtRnRaWDBpQ2lBZ0lDQWdJQ01nVjJGcGRDQm1iM0lnWVNCM2FHbHNaU3dnWVhNZ2QyVWdaRzl1SjNRZ2QyRnVkQ0IwYnlCcmFXeHNJR2wwSUdGbllXbHVJR0psWm05eVpTQnBkQ0JwY3lCeVpXRnNiSGtnZFhBdUNpQWdJQ0FnSUhOc1pXVndJREV5TUFvZ0lDQWdaV3h6WlFvZ0lDQWdJQ0J6YkdWbGNDQWlKSHRUVEVWRlVGOVRSVU5QVGtSVGZTSUtJQ0FnSUdacENpQWdaRzl1WlFwOUNncG1kVzVqZEdsdmJpQnJkV0psYkdWMFgyMXZibWwwYjNKcGJtY29LU0I3Q2lBZ1pXTm9ieUFpVjJGcGRDQm1iM0lnTWlCdGFXNTFkR1Z6SUdadmNpQnJkV0psYkdWMElIUnZJR0psSUdaMWJtTjBhVzl1WVd3aUNpQWdjMnhsWlhBZ01USXdDaUFnYkc5allXd2dMWElnYldGNFgzTmxZMjl1WkhNOU1UQUtJQ0JzYjJOaGJDQnZkWFJ3ZFhROUlpSUtJQ0IzYUdsc1pTQjBjblZsT3lCa2J3b2dJQ0FnYkc5allXd2dabUZwYkdWa1BXWmhiSE5sQ2dvZ0lDQWdhV1lnYW05MWNtNWhiR04wYkNBdGRTQnJkV0psYkdWMElDMXVJREVnZkNCbmNtVndJQzF4SUNKMWMyVWdiMllnWTJ4dmMyVmtJRzVsZEhkdmNtc2dZMjl1Ym1WamRHbHZiaUk3SUhSb1pXNEtJQ0FnSUNBZ1ptRnBiR1ZrUFhSeWRXVUtJQ0FnSUNBZ1pXTm9ieUFpUzNWaVpXeGxkQ0J6ZEc5d2NHVmtJSEJ2YzNScGJtY2dibTlrWlNCemRHRjBkWE11SUZKbGMzUmhjblJwYm1jaUNpQWdJQ0JsYkdsbUlDRWdiM1YwY0hWMFBTUW9ZM1Z5YkNBdGJTQWlKSHR0WVhoZmMyVmpiMjVrYzMwaUlDMW1JQzF6SUMxVElHaDBkSEE2THk4eE1qY3VNQzR3TGpFNk1UQXlORGd2YUdWaGJIUm9laUF5UGlZeEtUc2dkR2hsYmdvZ0lDQWdJQ0JtWVdsc1pXUTlkSEoxWlFvZ0lDQWdJQ0FqSUZCeWFXNTBJSFJvWlNCeVpYTndiMjV6WlNCaGJtUXZiM0lnWlhKeWIzSnpMZ29nSUNBZ0lDQmxZMmh2SUNJa2IzVjBjSFYwSWdvZ0lDQWdabWtLQ2lBZ0lDQnBaaUJiV3lBaUpHWmhhV3hsWkNJZ1BUMGdJblJ5ZFdVaUlGMWRPeUIwYUdWdUNpQWdJQ0FnSUdWamFHOGdJa3QxWW1Wc1pYUWdhWE1nZFc1b1pXRnNkR2g1SVNJS0lDQWdJQ0FnYzNsemRHVnRZM1JzSUd0cGJHd2dhM1ZpWld4bGRBb2dJQ0FnSUNBaklGZGhhWFFnWm05eUlHRWdkMmhwYkdVc0lHRnpJSGRsSUdSdmJpZDBJSGRoYm5RZ2RHOGdhMmxzYkNCcGRDQmhaMkZwYmlCaVpXWnZjbVVnYVhRZ2FYTWdjbVZoYkd4NUlIVndMZ29nSUNBZ0lDQnpiR1ZsY0NBMk1Bb2dJQ0FnWld4elpRb2dJQ0FnSUNCemJHVmxjQ0FpSkh0VFRFVkZVRjlUUlVOUFRrUlRmU0lLSUNBZ0lHWnBDaUFnWkc5dVpRcDlDZ29qSXlNakl5TWpJeU1qSXlNakl5Qk5ZV2x1SUVaMWJtTjBhVzl1SUNNakl5TWpJeU1qSXlNakl5TWpJeU1LYVdZZ1cxc2dJaVFqSWlBdGJtVWdNU0JkWFRzZ2RHaGxiZ29nSUdWamFHOGdJbFZ6WVdkbE9pQm9aV0ZzZEdndGJXOXVhWFJ2Y2k1emFDQThZMjl1ZEdGcGJtVnlMWEoxYm5ScGJXVXZhM1ZpWld4bGRENGlDaUFnWlhocGRDQXhDbVpwQ2dwVFRFVkZVRjlUUlVOUFRrUlRQVEV3Q21OdmJYQnZibVZ1ZEQwa01RcGxZMmh2SUNKVGRHRnlkQ0JyZFdKbGNtNWxkR1Z6SUdobFlXeDBhQ0J0YjI1cGRHOXlhVzVuSUdadmNpQWtlMk52YlhCdmJtVnVkSDBpQ21sbUlGdGJJQ0lrZTJOdmJYQnZibVZ1ZEgwaUlEMDlJQ0pqYjI1MFlXbHVaWEl0Y25WdWRHbHRaU0lnWFYwN0lIUm9aVzRLSUNCamIyNTBZV2x1WlhKZmNuVnVkR2x0WlY5dGIyNXBkRzl5YVc1bkNtVnNhV1lnVzFzZ0lpUjdZMjl0Y0c5dVpXNTBmU0lnUFQwZ0ltdDFZbVZzWlhRaUlGMWRPeUIwYUdWdUNpQWdhM1ZpWld4bGRGOXRiMjVwZEc5eWFXNW5DbVZzYzJVS0lDQmxZMmh2SUNKSVpXRnNkR2dnYlc5dWFYUnZjbWx1WnlCbWIzSWdZMjl0Y0c5dVpXNTBJQ1I3WTI5dGNHOXVaVzUwZlNCcGN5QnViM1FnYzNWd2NHOXlkR1ZrSVNJS1pta0sKCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9qb3VybmFsZC5jb25mLmQvbWF4X2Rpc2tfdXNlLmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMHB2ZFhKdVlXeGRDbE41YzNSbGJVMWhlRlZ6WlQwMVJ3bz0KCi0gcGF0aDogJy9vcHQvbG9hZC1rZXJuZWwtbW9kdWxlcy5zaCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZkWE55TDJKcGJpOWxibllnWW1GemFBcHpaWFFnTFdWMWJ5QndhWEJsWm1GcGJBb0tiVzlrY0hKdlltVWdhWEJmZG5NS2JXOWtjSEp2WW1VZ2FYQmZkbk5mY25JS2JXOWtjSEp2WW1VZ2FYQmZkbk5mZDNKeUNtMXZaSEJ5YjJKbElHbHdYM1p6WDNOb0NncHBaaUJ0YjJScGJtWnZJRzVtWDJOdmJtNTBjbUZqYTE5cGNIWTBJQ1krSUM5a1pYWXZiblZzYkRzZ2RHaGxiZ29nSUcxdlpIQnliMkpsSUc1bVgyTnZibTUwY21GamExOXBjSFkwQ21Wc2MyVUtJQ0J0YjJSd2NtOWlaU0J1Wmw5amIyNXVkSEpoWTJzS1pta0sKCi0gcGF0aDogJy9ldGMvc3lzY3RsLmQvazhzLmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBibVYwTG1KeWFXUm5aUzVpY21sa1oyVXRibVl0WTJGc2JDMXBjRFowWVdKc1pYTWdQU0F4Q201bGRDNWljbWxrWjJVdVluSnBaR2RsTFc1bUxXTmhiR3d0YVhCMFlXSnNaWE1nUFNBeENtdGxjbTVsYkM1d1lXNXBZMTl2Ymw5dmIzQnpJRDBnTVFwclpYSnVaV3d1Y0dGdWFXTWdQU0F4TUFwdVpYUXVhWEIyTkM1cGNGOW1iM0ozWVhKa0lEMGdNUXAyYlM1dmRtVnlZMjl0YldsMFgyMWxiVzl5ZVNBOUlERUtabk11YVc1dmRHbG1lUzV0WVhoZmRYTmxjbDkzWVhSamFHVnpJRDBnTVRBME9EVTNOZ3BtY3k1cGJtOTBhV1o1TG0xaGVGOTFjMlZ5WDJsdWMzUmhibU5sY3lBOUlEZ3hPVElLCgotIHBhdGg6ICcvZXRjL2RlZmF1bHQvZ3J1Yi5kLzYwLXN3YXAtYWNjb3VudGluZy5jZmcnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUJCWkdSbFpDQmllU0JyZFdKbGNtMWhkR2xqSUcxaFkyaHBibVV0WTI5dWRISnZiR3hsY2dvaklFVnVZV0pzWlNCalozSnZkWEJ6SUcxbGJXOXllU0JoYm1RZ2MzZGhjQ0JoWTJOdmRXNTBhVzVuQ2tkU1ZVSmZRMDFFVEVsT1JWOU1TVTVWV0QwaVkyZHliM1Z3WDJWdVlXSnNaVDF0WlcxdmNua2djM2RoY0dGalkyOTFiblE5TVNJSwoKLSBwYXRoOiAnL29wdC9iaW4vc2V0dXAnCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2WW1sdUwySmhjMmdLYzJWMElDMTRaWFZ2SUhCcGNHVm1ZV2xzQ21sbUlITjVjM1JsYldOMGJDQnBjeTFoWTNScGRtVWdkV1ozT3lCMGFHVnVJSE41YzNSbGJXTjBiQ0J6ZEc5d0lIVm1kenNnWm1rS2MzbHpkR1Z0WTNSc0lHMWhjMnNnZFdaM0NuTjVjM1JsYldOMGJDQnlaWE4wWVhKMElITjVjM1JsYldRdGJXOWtkV3hsY3kxc2IyRmtMbk5sY25acFkyVUtjM2x6WTNSc0lDMHRjM2x6ZEdWdENncGhjSFF0WjJWMElIVndaR0YwWlFvS1JFVkNTVUZPWDBaU1QwNVVSVTVFUFc1dmJtbHVkR1Z5WVdOMGFYWmxJR0Z3ZEMxblpYUWdMVzhnUkhCclp6bzZUM0IwYVc5dWN6bzZQU0l0TFdadmNtTmxMV052Ym1aa1pXWWlJQzF2SUVSd2EyYzZPazl3ZEdsdmJuTTZPajBpTFMxbWIzSmpaUzFqYjI1bWIyeGtJaUJwYm5OMFlXeHNJQzE1SUZ3S0lDQmpkWEpzSUZ3S0lDQmpZUzFqWlhKMGFXWnBZMkYwWlhNZ1hBb2dJR05sY0dndFkyOXRiVzl1SUZ3S0lDQmphV1p6TFhWMGFXeHpJRndLSUNCamIyNXVkSEpoWTJzZ1hBb2dJR1V5Wm5Od2NtOW5jeUJjQ2lBZ1pXSjBZV0pzWlhNZ1hBb2dJR1YwYUhSdmIyd2dYQW9nSUdkc2RYTjBaWEptY3kxamJHbGxiblFnWEFvZ0lHbHdkR0ZpYkdWeklGd0tJQ0JxY1NCY0NpQWdhMjF2WkNCY0NpQWdiM0JsYm5OemFDMWpiR2xsYm5RZ1hBb2dJRzVtY3kxamIyMXRiMjRnWEFvZ0lITnZZMkYwSUZ3S0lDQjFkR2xzTFd4cGJuVjRJRndLSUNCcGNIWnpZV1J0Q21Gd2RDMW5aWFFnZFhCa1lYUmxDbUZ3ZEMxblpYUWdhVzV6ZEdGc2JDQXRlU0JoY0hRdGRISmhibk53YjNKMExXaDBkSEJ6SUdOaExXTmxjblJwWm1sallYUmxjeUJqZFhKc0lITnZablIzWVhKbExYQnliM0JsY25ScFpYTXRZMjl0Ylc5dUlHeHpZaTF5Wld4bFlYTmxDbU4xY213Z0xXWnpVMHdnYUhSMGNITTZMeTlrYjNkdWJHOWhaQzVrYjJOclpYSXVZMjl0TDJ4cGJuVjRMM1ZpZFc1MGRTOW5jR2NnZkNCaGNIUXRhMlY1SUdGa1pDQXRDbUZrWkMxaGNIUXRjbVZ3YjNOcGRHOXllU0FpWkdWaUlHaDBkSEJ6T2k4dlpHOTNibXh2WVdRdVpHOWphMlZ5TG1OdmJTOXNhVzUxZUM5MVluVnVkSFVnSkNoc2MySmZjbVZzWldGelpTQXRZM01wSUhOMFlXSnNaU0lLQ21Gd2RDMW5aWFFnYVc1emRHRnNiQ0F0TFdGc2JHOTNMV1J2ZDI1bmNtRmtaWE1nTFhrZ1hBb2dJQ0FnWTI5dWRHRnBibVZ5WkM1cGJ6MHhMalVxSUZ3S0lDQWdJR1J2WTJ0bGNpMWpaUzFqYkdrOU5Ub3hPUzR3TXlvZ1hBb2dJQ0FnWkc5amEyVnlMV05sUFRVNk1Ua3VNRE1xQ21Gd2RDMXRZWEpySUdodmJHUWdaRzlqYTJWeUxXTmxLaUJqYjI1MFlXbHVaWEprTG1sdkNncHplWE4wWlcxamRHd2daR0ZsYlc5dUxYSmxiRzloWkFwemVYTjBaVzFqZEd3Z1pXNWhZbXhsSUMwdGJtOTNJR1J2WTJ0bGNnb0tiM0IwWDJKcGJqMHZiM0IwTDJKcGJncDFjM0pmYkc5allXeGZZbWx1UFM5MWMzSXZiRzlqWVd3dlltbHVDbU51YVY5aWFXNWZaR2x5UFM5dmNIUXZZMjVwTDJKcGJncHRhMlJwY2lBdGNDQXZaWFJqTDJOdWFTOXVaWFF1WkNBdlpYUmpMMnQxWW1WeWJtVjBaWE12YldGdWFXWmxjM1J6SUNJa2IzQjBYMkpwYmlJZ0lpUmpibWxmWW1sdVgyUnBjaUlLYld0a2FYSWdMWEFnTDJWMFl5OXJkV0psY201bGRHVnpMMlI1Ym1GdGFXTXRZMjl1Wm1sbkxXUnBjZ3BoY21Ob1BTUjdTRTlUVkY5QlVrTklMWDBLYVdZZ1d5QXRlaUFpSkdGeVkyZ2lJRjBLZEdobGJncGpZWE5sSUNRb2RXNWhiV1VnTFcwcElHbHVDbmc0Tmw4Mk5Da0tJQ0FnSUdGeVkyZzlJbUZ0WkRZMElnb2dJQ0FnT3pzS1lXRnlZMmcyTkNrS0lDQWdJR0Z5WTJnOUltRnliVFkwSWdvZ0lDQWdPenNLS2lrS0lDQWdJR1ZqYUc4Z0luVnVjM1Z3Y0c5eWRHVmtJRU5RVlNCaGNtTm9hWFJsWTNSMWNtVXNJR1Y0YVhScGJtY2lDaUFnSUNCbGVHbDBJREVLSUNBZ0lEczdDbVZ6WVdNS1pta0tRMDVKWDFaRlVsTkpUMDQ5SWlSN1EwNUpYMVpGVWxOSlQwNDZMWFl3TGpndU4zMGlDbU51YVY5aVlYTmxYM1Z5YkQwaWFIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwyTnZiblJoYVc1bGNtNWxkSGR2Y210cGJtY3ZjR3gxWjJsdWN5OXlaV3hsWVhObGN5OWtiM2R1Ykc5aFpDOGtRMDVKWDFaRlVsTkpUMDRpQ21OdWFWOW1hV3hsYm1GdFpUMGlZMjVwTFhCc2RXZHBibk10YkdsdWRYZ3RKR0Z5WTJndEpFTk9TVjlXUlZKVFNVOU9MblJuZWlJS1kzVnliQ0F0VEdadklDSWtZMjVwWDJKcGJsOWthWEl2SkdOdWFWOW1hV3hsYm1GdFpTSWdJaVJqYm1sZlltRnpaVjkxY213dkpHTnVhVjltYVd4bGJtRnRaU0lLWTI1cFgzTjFiVDBrS0dOMWNtd2dMVXhtSUNJa1kyNXBYMkpoYzJWZmRYSnNMeVJqYm1sZlptbHNaVzVoYldVdWMyaGhNalUySWlrS1kyUWdJaVJqYm1sZlltbHVYMlJwY2lJS2MyaGhNalUyYzNWdElDMWpJRHc4UENJa1kyNXBYM04xYlNJS2RHRnlJSGgyWmlBaUpHTnVhVjltYVd4bGJtRnRaU0lLY20wZ0xXWWdJaVJqYm1sZlptbHNaVzVoYldVaUNtTmtJQzBLUTFKSlgxUlBUMHhUWDFKRlRFVkJVMFU5SWlSN1ExSkpYMVJQVDB4VFgxSkZURVZCVTBVNkxYWXhMakl5TGpCOUlncGpjbWxmZEc5dmJITmZZbUZ6WlY5MWNtdzlJbWgwZEhCek9pOHZaMmwwYUhWaUxtTnZiUzlyZFdKbGNtNWxkR1Z6TFhOcFozTXZZM0pwTFhSdmIyeHpMM0psYkdWaGMyVnpMMlJ2ZDI1c2IyRmtMeVI3UTFKSlgxUlBUMHhUWDFKRlRFVkJVMFY5SWdwamNtbGZkRzl2YkhOZlptbHNaVzVoYldVOUltTnlhV04wYkMwa2UwTlNTVjlVVDA5TVUxOVNSVXhGUVZORmZTMXNhVzUxZUMwa2UyRnlZMmg5TG5SaGNpNW5laUlLWTNWeWJDQXRUR1p2SUNJa2IzQjBYMkpwYmk4a1kzSnBYM1J2YjJ4elgyWnBiR1Z1WVcxbElpQWlKR055YVY5MGIyOXNjMTlpWVhObFgzVnliQzhrWTNKcFgzUnZiMnh6WDJacGJHVnVZVzFsSWdwamNtbGZkRzl2YkhOZmMzVnRQU1FvWTNWeWJDQXRUR1lnSWlSamNtbGZkRzl2YkhOZlltRnpaVjkxY213dkpHTnlhVjkwYjI5c2MxOW1hV3hsYm1GdFpTNXphR0V5TlRZaUlId2djMlZrSUNkekwxd3FYQzh2THljcENtTmtJQ0lrYjNCMFgySnBiaUlLYzJoaE1qVTJjM1Z0SUMxaklEdzhQQ0lrWTNKcFgzUnZiMnh6WDNOMWJTSUtkR0Z5SUhoMlppQWlKR055YVY5MGIyOXNjMTltYVd4bGJtRnRaU0lLY20wZ0xXWWdJaVJqY21sZmRHOXZiSE5mWm1sc1pXNWhiV1VpQ214dUlDMXpaaUFpSkc5d2RGOWlhVzR2WTNKcFkzUnNJaUFpSkhWemNsOXNiMk5oYkY5aWFXNGlMMk55YVdOMGJDQjhmQ0JsWTJodklDSnplVzFpYjJ4cFl5QnNhVzVySUdseklITnJhWEJ3WldRaUNtTmtJQzBLUzFWQ1JWOVdSVkpUU1U5T1BTSWtlMHRWUWtWZlZrVlNVMGxQVGpvdGRqRXVNakl1TW4waUNtdDFZbVZmWkdseVBTSWtiM0IwWDJKcGJpOXJkV0psY201bGRHVnpMU1JMVlVKRlgxWkZVbE5KVDA0aUNtdDFZbVZmWW1GelpWOTFjbXc5SW1oMGRIQnpPaTh2YzNSdmNtRm5aUzVuYjI5bmJHVmhjR2x6TG1OdmJTOXJkV0psY201bGRHVnpMWEpsYkdWaGMyVXZjbVZzWldGelpTOGtTMVZDUlY5V1JWSlRTVTlPTDJKcGJpOXNhVzUxZUM4a1lYSmphQ0lLYTNWaVpWOXpkVzFmWm1sc1pUMGlKR3QxWW1WZlpHbHlMM05vWVRJMU5pSUtiV3RrYVhJZ0xYQWdJaVJyZFdKbFgyUnBjaUlLT2lBK0lpUnJkV0psWDNOMWJWOW1hV3hsSWdvS1ptOXlJR0pwYmlCcGJpQnJkV0psYkdWMElHdDFZbVZoWkcwZ2EzVmlaV04wYkRzZ1pHOEtJQ0FnSUdOMWNtd2dMVXhtYnlBaUpHdDFZbVZmWkdseUx5UmlhVzRpSUNJa2EzVmlaVjlpWVhObFgzVnliQzhrWW1sdUlnb2dJQ0FnWTJodGIyUWdLM2dnSWlScmRXSmxYMlJwY2k4a1ltbHVJZ29nSUNBZ2MzVnRQU1FvWTNWeWJDQXRUR1lnSWlScmRXSmxYMkpoYzJWZmRYSnNMeVJpYVc0dWMyaGhNalUySWlrS0lDQWdJR1ZqYUc4Z0lpUnpkVzBnSUNScmRXSmxYMlJwY2k4a1ltbHVJaUErUGlJa2EzVmlaVjl6ZFcxZlptbHNaU0lLWkc5dVpRcHphR0V5TlRaemRXMGdMV01nSWlScmRXSmxYM04xYlY5bWFXeGxJZ29LWm05eUlHSnBiaUJwYmlCcmRXSmxiR1YwSUd0MVltVmhaRzBnYTNWaVpXTjBiRHNnWkc4S0lDQWdJR3h1SUMxelppQWlKR3QxWW1WZlpHbHlMeVJpYVc0aUlDSWtiM0IwWDJKcGJpSXZKR0pwYmdwa2IyNWxDZ29qSUhObGRDQnJkV0psYkdWMElHNXZaR1ZwY0NCbGJuWnBjbTl1YldWdWRDQjJZWEpwWVdKc1pRb3ZiM0IwTDJKcGJpOXpaWFIxY0Y5dVpYUmZaVzUyTG5Ob0NncHplWE4wWlcxamRHd2daVzVoWW14bElDMHRibTkzSUd0MVltVnNaWFFLYzNsemRHVnRZM1JzSUdWdVlXSnNaU0F0TFc1dmR5QXRMVzV2TFdKc2IyTnJJR3QxWW1Wc1pYUXRhR1ZoYkhSb1kyaGxZMnN1YzJWeWRtbGpaUW89CgotIHBhdGg6ICcvb3B0L2Jpbi9zdXBlcnZpc2Uuc2gnCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2WW1sdUwySmhjMmdLYzJWMElDMTRaWFZ2SUhCcGNHVm1ZV2xzQ25kb2FXeGxJQ0VnSWlSQUlqc2daRzhLSUNCemJHVmxjQ0F4Q21SdmJtVUsKCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9zeXN0ZW0va3ViZWxldC5zZXJ2aWNlJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgVzFWdWFYUmRDa0ZtZEdWeVBXUnZZMnRsY2k1elpYSjJhV05sQ2xKbGNYVnBjbVZ6UFdSdlkydGxjaTV6WlhKMmFXTmxDZ3BFWlhOamNtbHdkR2x2YmoxcmRXSmxiR1YwT2lCVWFHVWdTM1ZpWlhKdVpYUmxjeUJPYjJSbElFRm5aVzUwQ2tSdlkzVnRaVzUwWVhScGIyNDlhSFIwY0hNNkx5OXJkV0psY201bGRHVnpMbWx2TDJSdlkzTXZhRzl0WlM4S0NsdFRaWEoyYVdObFhRcFZjMlZ5UFhKdmIzUUtVbVZ6ZEdGeWREMWhiSGRoZVhNS1UzUmhjblJNYVcxcGRFbHVkR1Z5ZG1Gc1BUQUtVbVZ6ZEdGeWRGTmxZejB4TUFwRFVGVkJZMk52ZFc1MGFXNW5QWFJ5ZFdVS1RXVnRiM0o1UVdOamIzVnVkR2x1WnoxMGNuVmxDZ3BGYm5acGNtOXViV1Z1ZEQwaVVFRlVTRDB2YjNCMEwySnBiam92WW1sdU9pOTFjM0l2Ykc5allXd3ZjMkpwYmpvdmRYTnlMMnh2WTJGc0wySnBiam92ZFhOeUwzTmlhVzQ2TDNWemNpOWlhVzQ2TDNOaWFXNHZJZ3BGYm5acGNtOXViV1Z1ZEVacGJHVTlMUzlsZEdNdlpXNTJhWEp2Ym0xbGJuUUtDa1Y0WldOVGRHRnlkRkJ5WlQwdlltbHVMMkpoYzJnZ0wyOXdkQzlrYVhOaFlteGxMWE4zWVhBdWMyZ0tSWGhsWTFOMFlYSjBVSEpsUFM5aWFXNHZZbUZ6YUNBdmIzQjBMMnh2WVdRdGEyVnlibVZzTFcxdlpIVnNaWE11YzJnS1JYaGxZMU4wWVhKMFVISmxQUzlpYVc0dlltRnphQ0F2YjNCMEwySnBiaTl6WlhSMWNGOXVaWFJmWlc1MkxuTm9Da1Y0WldOVGRHRnlkRDB2YjNCMEwySnBiaTlyZFdKbGJHVjBJQ1JMVlVKRlRFVlVYMFZZVkZKQlgwRlNSMU1nWEFvZ0lDMHRZbTl2ZEhOMGNtRndMV3QxWW1WamIyNW1hV2M5TDJWMFl5OXJkV0psY201bGRHVnpMMkp2YjNSemRISmhjQzFyZFdKbGJHVjBMbU52Ym1ZZ1hBb2dJQzB0YTNWaVpXTnZibVpwWnowdmRtRnlMMnhwWWk5cmRXSmxiR1YwTDJ0MVltVmpiMjVtYVdjZ1hBb2dJQzB0WTI5dVptbG5QUzlsZEdNdmEzVmlaWEp1WlhSbGN5OXJkV0psYkdWMExtTnZibVlnWEFvZ0lDMHRibVYwZDI5eWF5MXdiSFZuYVc0OVkyNXBJRndLSUNBdExXTmxjblF0WkdseVBTOWxkR012YTNWaVpYSnVaWFJsY3k5d2Eya2dYQW9nSUMwdFkyeHZkV1F0Y0hKdmRtbGtaWEk5WVhkeklGd0tJQ0F0TFdOc2IzVmtMV052Ym1acFp6MHZaWFJqTDJ0MVltVnlibVYwWlhNdlkyeHZkV1F0WTI5dVptbG5JRndLSUNBdExXUjVibUZ0YVdNdFkyOXVabWxuTFdScGNqMHZaWFJqTDJ0MVltVnlibVYwWlhNdlpIbHVZVzFwWXkxamIyNW1hV2N0WkdseUlGd0tJQ0F0TFdabFlYUjFjbVV0WjJGMFpYTTlSSGx1WVcxcFkwdDFZbVZzWlhSRGIyNW1hV2M5ZEhKMVpTQmNDaUFnTFMxbGVHbDBMVzl1TFd4dlkyc3RZMjl1ZEdWdWRHbHZiaUJjQ2lBZ0xTMXNiMk5yTFdacGJHVTlMM1J0Y0M5cmRXSmxiR1YwTG14dlkyc2dYQW9nSUMwdFkyOXVkR0ZwYm1WeUxYSjFiblJwYldVOVpHOWphMlZ5SUZ3S0lDQXRMV052Ym5SaGFXNWxjaTF5ZFc1MGFXMWxMV1Z1WkhCdmFXNTBQWFZ1YVhnNkx5OHZkbUZ5TDNKMWJpOWtiMk5yWlhKemFHbHRMbk52WTJzZ1hBb2dJQzB0Ym05a1pTMXBjQ0FrZTB0VlFrVk1SVlJmVGs5RVJWOUpVSDBLQ2x0SmJuTjBZV3hzWFFwWFlXNTBaV1JDZVQxdGRXeDBhUzExYzJWeUxuUmhjbWRsZEFvPQoKLSBwYXRoOiAnL2V0Yy9zeXN0ZW1kL3N5c3RlbS9rdWJlbGV0LnNlcnZpY2UuZC9leHRyYXMuY29uZicKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIFcxTmxjblpwWTJWZENrVnVkbWx5YjI1dFpXNTBQU0pMVlVKRlRFVlVYMFZZVkZKQlgwRlNSMU05TFMxeVpYTnZiSFl0WTI5dVpqMHZjblZ1TDNONWMzUmxiV1F2Y21WemIyeDJaUzl5WlhOdmJIWXVZMjl1WmlJSwoKLSBwYXRoOiAnL2V0Yy9rdWJlcm5ldGVzL2Nsb3VkLWNvbmZpZycKICBwZXJtaXNzaW9uczogJzA2MDAnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIFcyZHNiMkpoYkYwS1dtOXVaVDBpWlhVdFkyVnVkSEpoYkMweFlpSUtWbEJEUFNKbExURXlNMllpQ2xOMVltNWxkRWxFUFNKMFpYTjBMWE4xWW01bGRDSUtDZz09CgotIHBhdGg6ICcvb3B0L2Jpbi9zZXR1cF9uZXRfZW52LnNoJwogIHBlcm1pc3Npb25zOiAnMDc1NScKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdmRYTnlMMkpwYmk5bGJuWWdZbUZ6YUFwbFkyaHZaR0YwWlNncElIc0tJQ0JsWTJodklDSmJKQ2hrWVhSbElDMUpjeWxkSWlBaUpFQWlDbjBLQ2lNZ1oyVjBJSFJvWlNCa1pXWmhkV3gwSUdsdWRHVnlabUZqWlNCSlVDQmhaR1J5WlhOekNrUkZSa0ZWVEZSZlNVWkRYMGxRUFNRb2FYQWdMVzhnSUhKdmRYUmxJR2RsZENBeElId2daM0psY0NBdGIxQWdJbk55WXlCY1MxeFRLeUlwQ2dwcFppQmJJQzE2SUNJa2UwUkZSa0ZWVEZSZlNVWkRYMGxRZlNJZ1hRcDBhR1Z1Q2lBZ1pXTm9iMlJoZEdVZ0lrWmhhV3hsWkNCMGJ5Qm5aWFFnU1ZBZ1lXUmtjbVZ6Y3lCbWIzSWdkR2hsSUdSbFptRjFiSFFnY205MWRHVWdhVzUwWlhKbVlXTmxJZ29nSUdWNGFYUWdNUXBtYVFvS0NpTWdaMlYwSUhSb1pTQm1kV3hzSUdodmMzUnVZVzFsQ2taVlRFeGZTRTlUVkU1QlRVVTlKQ2hvYjNOMGJtRnRaU0F0WmlrS0l5QnBaaUF2WlhSakwyaHZjM1J1WVcxbElHbHpJRzV2ZENCbGJYQjBlU0IwYUdWdUlIVnpaU0IwYUdVZ2FHOXpkRzVoYldVZ1puSnZiU0IwYUdWeVpRcHBaaUJiSUMxeklDOWxkR012YUc5emRHNWhiV1VnWFRzZ2RHaGxiZ29nSUVaVlRFeGZTRTlUVkU1QlRVVTlKQ2hqWVhRZ0wyVjBZeTlvYjNOMGJtRnRaU2tLWm1rS0NpTWdkM0pwZEdVZ2RHaGxJRzV2WkdWcGNGOWxibllnWm1sc1pRb2pJSGRsSUc1bFpXUWdkR2hsSUd4cGJtVWdZbVZzYjNjZ1ltVmpZWFZ6WlNCbWJHRjBZMkZ5SUdoaGN5QjBhR1VnYzJGdFpTQnpkSEpwYm1jZ0ltTnZjbVZ2Y3lJZ2FXNGdkR2hoZENCbWFXeGxDbWxtSUdkeVpYQWdMWEVnWTI5eVpXOXpJQzlsZEdNdmIzTXRjbVZzWldGelpRcDBhR1Z1Q2lBZ1pXTm9ieUFpUzFWQ1JVeEZWRjlPVDBSRlgwbFFQU1I3UkVWR1FWVk1WRjlKUmtOZlNWQjlYRzVMVlVKRlRFVlVYMGhQVTFST1FVMUZQU1I3UmxWTVRGOUlUMU5VVGtGTlJYMGlJRDRnTDJWMFl5OXJkV0psY201bGRHVnpMMjV2WkdWcGNDNWpiMjVtQ21Wc2FXWWdXeUFoSUMxa0lDOWxkR012YzNsemRHVnRaQzl6ZVhOMFpXMHZhM1ZpWld4bGRDNXpaWEoyYVdObExtUWdYUXAwYUdWdUNpQWdaV05vYjJSaGRHVWdJa05oYmlkMElHWnBibVFnYTNWaVpXeGxkQ0J6WlhKMmFXTmxJR1Y0ZEhKaGN5QmthWEpsWTNSdmNua2lDaUFnWlhocGRDQXhDbVZzYzJVS0lDQmxZMmh2SUMxbElDSmJVMlZ5ZG1salpWMWNia1Z1ZG1seWIyNXRaVzUwUFZ3aVMxVkNSVXhGVkY5T1QwUkZYMGxRUFNSN1JFVkdRVlZNVkY5SlJrTmZTVkI5WENKY2JrVnVkbWx5YjI1dFpXNTBQVndpUzFWQ1JVeEZWRjlJVDFOVVRrRk5SVDBrZTBaVlRFeGZTRTlUVkU1QlRVVjlYQ0lpSUQ0Z0wyVjBZeTl6ZVhOMFpXMWtMM041YzNSbGJTOXJkV0psYkdWMExuTmxjblpwWTJVdVpDOXViMlJsYVhBdVkyOXVaZ3BtYVFvPQoKLSBwYXRoOiAnL2V0Yy9rdWJlcm5ldGVzL3BraS9jYS5jcnQnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VWWGFrTkRRVEJMWjBGM1NVSkJaMGxLUVV4bVVteFhjMGs0V1ZGSVRVRXdSME5UY1VkVFNXSXpSRkZGUWtKUlZVRk5TSE40UTNwQlNrSm5UbFlLUWtGWlZFRnNWbFJOVVhOM1ExRlpSRlpSVVVsRmQwcEVVVlJGVjAxQ1VVZEJNVlZGUW5oTlRsVXlSblZKUlZwNVdWYzFhbUZZVG1waWVrVlZUVUpKUndwQk1WVkZRMmhOVEZGdVNtaGFSMXB3WkVod2NHSnRUWGhGYWtGUlFtZE9Wa0pCVFZSRFYzaDJXVEpHYzJGSE9YcGtSRVZrVFVKelIwTlRjVWRUU1dJekNrUlJSVXBCVWxsUFdXNUthRnBGUW10WlZ6VnVXVk0xYW1JeU1IZElhR05PVFZSUmQwNTZSVEZOYWtFd1RtcEJNVmRvWTA1TlZHTjNUbFJCTUUxcVFUQUtUbXBCTVZkcVFqZE5VWE4zUTFGWlJGWlJVVWRGZDBwV1ZYcEZURTFCYTBkQk1WVkZRMEpOUTFFd1JYaEdha0ZWUW1kT1ZrSkJZMVJFVms1b1ltbENSd3BqYlVaMVdUSnNlbGt5T0hoR1JFRlRRbWRPVmtKQmIxUkRNRXA1V1ZkU2JXRllValpoVnpWcVRWSkpkMFZCV1VSV1VWRkVSWGRzYzJJeVRtaGlSMmgyQ21NelVYaElWRUZpUW1kcmNXaHJhVWM1ZHpCQ1ExRkZWMFJ0U25sWlYxSkJXa2RHZFZveVJYVlpNamwwVFVsSlFrbHFRVTVDWjJ0eGFHdHBSemwzTUVJS1FWRkZSa0ZCVDBOQlVUaEJUVWxKUWtOblMwTkJVVVZCZERWbVFXcHdOR1pVWTJWclYxVlVabnB6Y0RCcmVXbG9NVTlaWW5OSFREQkxXREZsVW1KVFV3cFNPRTlrTUNzNVVUWXlTSGx1ZVN0SFJuZE5WR0kwUVM5TFZUaHRjM052U0haalkyVlRRVUZpZDJaaWVFWkxMeXR6TlRGVWIySnhWVzVQVWxweVQyOVVDbHBxYTFWNVoySjVXRVJUU3prNVdVSmlZMUl4VUdsd09IWjNUVlJ0TkZoTGRVeDBRMmxuWlVKQ1pHcHFRVkZrWjFWUE1qaE1SVTVIYkhOTmJtMWxXV3NLU21aUFJGWkhibFp0Y2pWTWRHSTVRVTVCT0VsTGVWUm1jMjVJU2pScFQwTlRMMUJzVUdKVmFqSnhOMWx1YjFaTWNHOXpWVUpOYkdkVllpOURlV3RZTXdwdFQyOU1ZalI1U2twUmVVRXZhVk5VTmxwNGFVbEZhak0yUkRSNVYxbzFiR2MzV1Vwc0sxVnBhVUpSU0VkRGJsQmtSM2xwY0hGV01EWmxlREJvWlZsWENtTmhhVmM0VEZkYVUxVlJPVE5xVVN0WFZrTklPR2hVTjBSUlR6RmtiWE4yVlcxWWJIRXZTbVZCYkhkUkwxRkpSRUZSUVVKdk5FaG5UVWxJWkUxQ01FY0tRVEZWWkVSblVWZENRbEpqUVZKUGRHaFRORkEwVlRkMlZHWnFRbmxETlRZNVVqZEZOa1JEUW5KUldVUldVakJxUWtsSGJFMUpSMmxuUWxKalFWSlBkQXBvVXpSUU5GVTNkbFJtYWtKNVF6VTJPVkkzUlRaTFJpOXdTREIzWlhwRlRFMUJhMGRCTVZWRlFtaE5RMVpXVFhoRGVrRktRbWRPVmtKQloxUkJhMDVDQ2sxU1dYZEdRVmxFVmxGUlNFVjNNVlJaVnpSblVtNUthR0p0VG5Cak1rNTJUVkpSZDBWbldVUldVVkZMUlhkMFEyTnRSbXRhYld3d1pXMXNkVmw2UlZNS1RVSkJSMEV4VlVWQmVFMUtZa2M1YWxsWGVHOWlNMDR3VFZJd2QwZDNXVXBMYjFwSmFIWmpUa0ZSYTBKR1p6VnBZMjFHYTFGSFVtaGliV1JvVEcxT2RncGlXVWxLUVV4bVVteFhjMGs0V1ZGSVRVRjNSMEV4VldSRmQxRkdUVUZOUWtGbU9IZEVVVmxLUzI5YVNXaDJZMDVCVVVWR1FsRkJSR2RuUlVKQlJ6Wm9DbFU1WmpselRrZ3dMelp2UW1KSFIza3lSVlpWTUZWblNWUlZVVWx5Umxkdk9YSkdhM0pYTldzdldHdEVhbEZ0S3pOc2VtcFVNR2xIVWpSSmVFVXZRVzhLWlZVMmMxRm9kV0UzZDNKWFpVWkZialEzUjB3NU9HeHVRM05LWkVRM2IxcE9hRVp0VVRrMVZHSXZURzVFVldwek5WbHFPV0p5VURCT1YzcFlabGxWTkFwVlN6SmFia2xPU2xKalNuQkNPR2xTUTJGRGVFVTRSR1JqVlVZd1dIRkpSWEUyY0VFeU56SnpibTlNYldsWVRFMTJUbXd6YTFsRlpHMHJhbVUyZG05RUNqVTRVMDVXUlZWemVuUjZVWGxZYlVwRmFFTndkMVpKTUVFMlVVTnFlbGhxSzNGMmNHMTNNMXBhU0drNFNuZFlaV2s0V2xwQ1RGUlRSa0pyYVRoYU4yNEtjMGc1UWtKSU16Z3ZVM3BWYlVGT05GRklVMUI1TVdkcWNXMHdNRTlCUlRoT1lWbEVhMmd2WW5wRk5HUTNiVXhIUjAxWGNDOVhSVE5MVUZOMU9ESklSZ3ByVUdVMldHOVRZbWxNYlM5cmVHc3pNbFF3UFFvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PQoKLSBwYXRoOiAnL2V0Yy9rdWJlcm5ldGVzL2Jvb3RzdHJhcC1rdWJlbGV0LmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBZWEJwVm1WeWMybHZiam9nZGpFS1kyeDFjM1JsY25NNkNpMGdZMngxYzNSbGNqb0tJQ0FnSUdObGNuUnBabWxqWVhSbExXRjFkR2h2Y21sMGVTMWtZWFJoT2lCTVV6QjBURk14UTFKVlpFcFVhVUpFVWxaS1ZWTlZXa3BSTUVaVlVsTXdkRXhUTUhSRGF6RktVMVZTU0ZKRlRrUlJWMlJFV2pCR00xTlZTa0phTUd4RFVWVlNRbFJyU201aE0wWnZZVEpzU0U5WVkzZFJhMFpTWXpCYVFsSkZSVFZVVmxKNlpEQTVVbGRWVWxkVlZrWkZVbGh3UzJWWFNYbFBWRUZMVkVaa1QyRkZlSFZWVkU1cVZqTlNORnBWVWxkbFIxSkVUbGQ0YTFkRmNESlpNR1JXWkVkUmVWWnVjR3RTUlRFd1YxaHJNV0V4Y0ZsWFdGWm9UVEZhY0Zkc2FFdGtSbXhaVlc1Q1dtVlVWbmRaYm5CQ1dsRndSMlI2UWpSVU1GSkNaVlV4UlZKWWFFNWxiRlY1VkZWU2IxbFZXak5OU0d4UVVrVkdORlJZY0VKbFJURTJWbFJLVGxKSGFHaFVWVkYzWlVVNU5sRlVWa05hTURWWFVXdEdUbFpGTVhWVGJscHBUVEZHTUVOc2EzbFNXRlpyVWtkU05GbFVUa2RPUlRWWlVtcENUV0pXV1hoWk1qQTFaREZ3VkUxVVRtRlhSVFIzVkZocmVHRnJlSFJWYlhocllWUldlVnBHWkV0aVIwNTBUVmRvYTFJeWVIRlVSekZ6WkdzeFNsTlZTVXRUVjNCQ1ZHdEtibUV6Um05aE1teElUMWhqZDFGclJsSlNWVnBDVVZVNVJGRldSVFJSVlRGS1UxVktSRm93ZEVSUlZrWkdVVmhCTWxORVdsZE9WRnBwVjFWb01sRXlWalpVUjNSNVdtdHNObFJVWjNoWlozQndZbnBqZGxkdFJqTk1NSGhNVWxoamQxcFZXWEpVUlRFeVRrVlZja3d4UlhaYWExcHZZekJvUkVzeU1XOWFWWGh1VFZWb1dGWldRa2RWUmtweVRrWkNVazlFVm5SUlV6Z3daRWR3Y0dKWGNGUlZSVnBGUTIxek1sVXdiSFJsYTNSSFZFWnNVbG96WkVSYU1tUndWbnBvVDAxdGFGQkxlbXcyWTJ0S1ZsRlZlRXRTYTJSRFRtcFNkbFF5VG1sUmJXOHlVbGhKZGtzd05YTlZSV1JLVFRGS1UxWXhaR3RoVlZaVlZqQlpTMVl4YkVST1IzQnRVMjF3YVZKcVZsRlpibXcxVjBWb2RXTXdaRzFrUms1UFYxWndRMVJFWTNoV2VtUnZUMWR3VFZZelFqVldWbVJNVkVSYVlWZFZSazlrTUZKUVZHcEtVMWx1UVROa1NFSXhaSHBDV1U1bmNISmhlWE4zVVZaYU0xWnVjSEpOZWtGeVZGVTFObUpYV1RGTlNFWXpTekk0TkUxVWFHbGFhM2hXVWtkMGFGUnJNVzFVUmsweVUxUkNNMVZYTUROVmEyUnVTekF4Ymxac1NrVmxWRTVFWkZac2VGcHJiRmhEYkd0NVpXNW5NbGw2WkZGaldIQkhZekZhVjFwcmJIbFpWRUpwVFVoR2FHUkZOWE5OVm1oSllXcG9NRXN3WkU5alYxSnBZVlJKZGxKc1JuRlJNMmh3WWtaU1QyUlhOVEJXUkU0eVpWUktiRlF3YUZKVFZWRkxVVlpHUWxGdE9UVlVXR1JLVmtWR1VGRnRaRTlXYTJoU1QwVktRbHBxYUVaUmEwWk9VVEJHZUZWWVpFVmtNV3hGVm14SmQxWkZSbEpUUXpsRFVWWldNMUZZWkVaUmFUazJVVlUxUTFveWRIaGhSM1J3VW5kdk5XUjZRa05SVmtaNlVtdEdRbFF3VGtKVlZWWkNVMWN4Um1KcmJGbFdhazVGWlZjeFJHTlViSGhWUkdSM1N6TldTMDVVVmpGYWJHaHJZVEZKZVZveWFFVldWbXg1VmtaU2FsVklaSEZWYWtweFZrVm9hRU50YkdGUlUzUnVUMGMwTWxWWVNsWmlNRTVGVG01T05sSjVkSE5oUjBaelRqSm9VVTV1YUd0V00xWlRZV3hvUjFORk9ETlphelV5VG1wT1NtTlZWa2hsYkVwRldqTmpNVm96WkdwalZsWlZWMnRXTW1ReVkwdGFNakUyVG5wVk5XUjVPV2hTYlZsNFZtcEZlV0ZFUm1oYWJFSjBVVlJzUmxKNlZrOWFSV2cwWXpObk5WRlhlRWxMTUZreVpFaHNlbU5JUWxoaFJsVTBWMFZXVWxaVlJreFJNVUp4WW01a1ZtSlZjekJqUVc4eldqTmFWVmR1U1hsbGJtOHdZbTVrYjFkdE9IcFVSR2MxVFVST2VHTklVbXBqVkVaelYycFNVRmRZVGtWaU1XaDJZa1JHTVdWdFJsSlRSR2Q1WlVoc00xcFdUa3hSTUhSWlkwVTVhV0ZZY0d4T1ZtOTNRMjVrZDJKdGNHdFNTRlpKVDBSa05FNUlTVEJVUjNCT1YyNUNNVTB6V2xsT2EzaHhVV3RTVGxWR1pISlRSV2hSVkdwV1FtRlhNSGhUYTNnd1RuazVVMVJHUW01V1NGSnhZekJ3VG1Oc1VrSlZlbVJ2V2pGdlMxcHJkRTFVUkd4U1ZGWkdjMDV1VFhoamEyaExUa1YwY2t3eVZUTlRNR00wVTBWRk1HRkZWazlTVjJoeVQxWnNSVnBzUlRsUVVXOTBURk13ZEV4VlZrOVNRMEpFVWxaS1ZWTlZXa3BSTUVaVlVsTXdkRXhUTUhSRFp6MDlDaUFnSUNCelpYSjJaWEk2SUdoMGRIQnpPaTh2Wm05dkxtSmhjam8yTkRRekNpQWdibUZ0WlRvZ1l3cGpiMjUwWlhoMGN6b0tMU0JqYjI1MFpYaDBPZ29nSUNBZ1kyeDFjM1JsY2pvZ1l3b2dJQ0FnZFhObGNqb2dZd29nSUc1aGJXVTZJR01LWTNWeWNtVnVkQzFqYjI1MFpYaDBPaUJqQ210cGJtUTZJRU52Ym1acFp3cHdjbVZtWlhKbGJtTmxjem9nZTMwS2RYTmxjbk02Q2kwZ2JtRnRaVG9nWXdvZ0lIVnpaWEk2Q2lBZ0lDQjBiMnRsYmpvZ2RHVnpkQzUwWlhOMENnbz0KCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9zeXN0ZW0vc2V0dXAuc2VydmljZScKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIFcwbHVjM1JoYkd4ZENsZGhiblJsWkVKNVBXMTFiSFJwTFhWelpYSXVkR0Z5WjJWMENncGJWVzVwZEYwS1VtVnhkV2x5WlhNOWJtVjBkMjl5YXkxdmJteHBibVV1ZEdGeVoyVjBDa0ZtZEdWeVBXNWxkSGR2Y21zdGIyNXNhVzVsTG5SaGNtZGxkQW9LVzFObGNuWnBZMlZkQ2xSNWNHVTliMjVsYzJodmRBcFNaVzFoYVc1QlpuUmxja1Y0YVhROWRISjFaUXBGYm5acGNtOXViV1Z1ZEVacGJHVTlMUzlsZEdNdlpXNTJhWEp2Ym0xbGJuUUtSWGhsWTFOMFlYSjBQUzl2Y0hRdlltbHVMM04xY0dWeWRtbHpaUzV6YUNBdmIzQjBMMkpwYmk5elpYUjFjQW89CgotIHBhdGg6ICcvZXRjL3Byb2ZpbGUuZC9vcHQtYmluLXBhdGguc2gnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBaWGh3YjNKMElGQkJWRWc5SWk5dmNIUXZZbWx1T2lSUVFWUklJZ289CgotIHBhdGg6ICcvZXRjL2t1YmVybmV0ZXMva3ViZWxldC5jb25mJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgWVhCcFZtVnljMmx2YmpvZ2EzVmlaV3hsZEM1amIyNW1hV2N1YXpoekxtbHZMM1l4WW1WMFlURUthMmx1WkRvZ1MzVmlaV3hsZEVOdmJtWnBaM1Z5WVhScGIyNEtZWFYwYUdWdWRHbGpZWFJwYjI0NkNpQWdZVzV2Ym5sdGIzVnpPZ29nSUNBZ1pXNWhZbXhsWkRvZ1ptRnNjMlVLSUNCM1pXSm9iMjlyT2dvZ0lDQWdaVzVoWW14bFpEb2dkSEoxWlFvZ0lIZzFNRGs2Q2lBZ0lDQmpiR2xsYm5SRFFVWnBiR1U2SUM5bGRHTXZhM1ZpWlhKdVpYUmxjeTl3YTJrdlkyRXVZM0owQ21GMWRHaHZjbWw2WVhScGIyNDZDaUFnYlc5a1pUb2dWMlZpYUc5dmF3cGpaM0p2ZFhCRWNtbDJaWEk2SUhONWMzUmxiV1FLWTJ4MWMzUmxja1JPVXpvS0xTQWlNVEF1TUM0d0xqQWlDbU5zZFhOMFpYSkViMjFoYVc0NklHTnNkWE4wWlhJdWJHOWpZV3dLWm1WaGRIVnlaVWRoZEdWek9nb2dJRWR5WVdObFpuVnNUbTlrWlZOb2RYUmtiM2R1T2lCMGNuVmxDaUFnU1dSbGJuUnBabmxRYjJSUFV6b2dabUZzYzJVS2NISnZkR1ZqZEV0bGNtNWxiRVJsWm1GMWJIUnpPaUIwY25WbENuSmxZV1JQYm14NVVHOXlkRG9nTUFweWIzUmhkR1ZEWlhKMGFXWnBZMkYwWlhNNklIUnlkV1VLYzJWeWRtVnlWRXhUUW05dmRITjBjbUZ3T2lCMGNuVmxDbk4wWVhScFkxQnZaRkJoZEdnNklDOWxkR012YTNWaVpYSnVaWFJsY3k5dFlXNXBabVZ6ZEhNS2EzVmlaVkpsYzJWeWRtVmtPZ29nSUdOd2RUb2dNekJ0Q2lBZ1pYQm9aVzFsY21Gc0xYTjBiM0poWjJVNklETXdSMmtLYzNsemRHVnRVbVZ6WlhKMlpXUTZDaUFnWTNCMU9pQXpNRzBLSUNCbGNHaGxiV1Z5WVd3dGMzUnZjbUZuWlRvZ016QkhhUXBsZG1samRHbHZia2hoY21RNkNpQWdiV1Z0YjNKNUxtRjJZV2xzWVdKc1pUb2dNekJOYVFwdFlYaFFiMlJ6T2lBeE1UQUtkR3h6UTJsd2FHVnlVM1ZwZEdWek9nb3RJRlJNVTE5QlJWTmZNVEk0WDBkRFRWOVRTRUV5TlRZS0xTQlVURk5mUVVWVFh6STFObDlIUTAxZlUwaEJNemcwQ2kwZ1ZFeFRYME5JUVVOSVFUSXdYMUJQVEZreE16QTFYMU5JUVRJMU5nb3RJRlJNVTE5RlEwUklSVjlGUTBSVFFWOVhTVlJJWDBGRlUxOHhNamhmUjBOTlgxTklRVEkxTmdvdElGUk1VMTlGUTBSSVJWOUZRMFJUUVY5WFNWUklYMEZGVTE4eU5UWmZSME5OWDFOSVFUTTROQW90SUZSTVUxOUZRMFJJUlY5RlEwUlRRVjlYU1ZSSVgwTklRVU5JUVRJd1gxQlBURmt4TXpBMUNpMGdWRXhUWDBWRFJFaEZYMUpUUVY5WFNWUklYMEZGVTE4eE1qaGZSME5OWDFOSVFUSTFOZ290SUZSTVUxOUZRMFJJUlY5U1UwRmZWMGxVU0Y5QlJWTmZNalUyWDBkRFRWOVRTRUV6T0RRS0xTQlVURk5mUlVORVNFVmZVbE5CWDFkSlZFaGZRMGhCUTBoQk1qQmZVRTlNV1RFek1EVUtkbTlzZFcxbFVHeDFaMmx1UkdseU9pQXZkbUZ5TDJ4cFlpOXJkV0psYkdWMEwzWnZiSFZ0WlhCc2RXZHBibk1LCgotIHBhdGg6ICcvZXRjL3N5c3RlbWQvc3lzdGVtL2t1YmVsZXQtaGVhbHRoY2hlY2suc2VydmljZScKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIFcxVnVhWFJkQ2xKbGNYVnBjbVZ6UFd0MVltVnNaWFF1YzJWeWRtbGpaUXBCWm5SbGNqMXJkV0psYkdWMExuTmxjblpwWTJVS0NsdFRaWEoyYVdObFhRcEZlR1ZqVTNSaGNuUTlMMjl3ZEM5aWFXNHZhR1ZoYkhSb0xXMXZibWwwYjNJdWMyZ2dhM1ZpWld4bGRBb0tXMGx1YzNSaGJHeGRDbGRoYm5SbFpFSjVQVzExYkhScExYVnpaWEl1ZEdGeVoyVjBDZz09CgotIHBhdGg6ICcvb3B0L2Rpc2FibGUtc3dhcC5zaCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZkWE55TDJKcGJpOWxibllnWW1GemFBcHpaWFFnTFdWMWJ5QndhWEJsWm1GcGJBb0tJeUJOWVd0bElITjFjbVVnZDJVZ1lXeDNZWGx6SUdScGMyRmliR1VnYzNkaGNDQXRJRTkwYUdWeWQybHpaU0IwYUdVZ2EzVmlaV3hsZENCM2IyNG5kQ0J6ZEdGeWRDQmhjeUJtYjNJZ2MyOXRaU0JqYkc5MVpBb2pJSEJ5YjNacFpHVnljeUJ6ZDJGd0lHZGxkSE1nWlc1aFlteGxaQ0J2YmlCeVpXSnZiM1FnYjNJZ1lXWjBaWElnZEdobElITmxkSFZ3SUhOamNtbHdkQ0JvWVhNZ1ptbHVhWE5vWldRZ1pYaGxZM1YwYVc1bkxncHpaV1FnTFdrdWIzSnBaeUFuTHk0cWMzZGhjQzRxTDJRbklDOWxkR012Wm5OMFlXSUtjM2RoY0c5bVppQXRZUW89CgotIHBhdGg6ICcvZXRjL3N5c3RlbWQvc3lzdGVtL2NvbnRhaW5lcmQuc2VydmljZS5kL2Vudmlyb25tZW50LmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGNvbnRlbnQ6IHwtCiAgICBbU2VydmljZV0KICAgIFJlc3RhcnQ9YWx3YXlzCiAgICBFbnZpcm9ubWVudEZpbGU9LS9ldGMvZW52aXJvbm1lbnQKICAgIAoKLSBwYXRoOiAnL2V0Yy9zeXN0ZW1kL3N5c3RlbS9kb2NrZXIuc2VydmljZS5kL2Vudmlyb25tZW50LmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGNvbnRlbnQ6IHwtCiAgICBbU2VydmljZV0KICAgIFJlc3RhcnQ9YWx3YXlzCiAgICBFbnZpcm9ubWVudEZpbGU9LS9ldGMvZW52aXJvbm1lbnQKICAgIAoKLSBwYXRoOiAnL2V0Yy9kb2NrZXIvZGFlbW9uLmpzb24nCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBleUpsZUdWakxXOXdkSE1pT2xzaWJtRjBhWFpsTG1ObmNtOTFjR1J5YVhabGNqMXplWE4wWlcxa0lsMHNJbk4wYjNKaFoyVXRaSEpwZG1WeUlqb2liM1psY214aGVUSWlMQ0pzYjJjdFpISnBkbVZ5SWpvaWFuTnZiaTFtYVd4bElpd2liRzluTFc5d2RITWlPbnNpYldGNExXWnBiR1VpT2lJek1DSXNJbTFoZUMxemFYcGxJam9pTXpBd2JTSjlMQ0pwYm5ObFkzVnlaUzF5WldkcGMzUnlhV1Z6SWpwYklqRTVNaTR4TmpndU1UQXdMakV3TURvMU1EQXdJaXdpTVRBdU1DNHdMakU2TlRBd01DSmRMQ0p5WldkcGMzUnllUzF0YVhKeWIzSnpJanBiSW1oMGRIQnpPaTh2Y21WbmFYTjBjbmt1Wkc5amEyVnlMV051TG1OdmJTSmRmUT09CgotIHBhdGg6ICcvcm9vdC8uZG9ja2VyL2NvbmZpZy5qc29uJwogIHBlcm1pc3Npb25zOiAnMDYwMCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgCg== +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: kubelet-configuration-kube-system-provisioning-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-osc-rhel-8.x-cloud-init-modules-bootstrap.yaml b/pkg/controllers/osc/testdata/secret-osc-rhel-8.x-cloud-init-modules-bootstrap.yaml index e69de29b..65a1dc18 100644 --- a/pkg/controllers/osc/testdata/secret-osc-rhel-8.x-cloud-init-modules-bootstrap.yaml +++ b/pkg/controllers/osc/testdata/secret-osc-rhel-8.x-cloud-init-modules-bootstrap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiBubwpzc2hfYXV0aG9yaXplZF9rZXlzOgotICdzc2gtcnNhIEFBQUFCM056YUMxeWMyRUFBQUFEQVFBQkFBQUNBUURkT0loWW16Q0s1RFNWTHUzYycKd3JpdGVfZmlsZXM6Ci0gcGF0aDogJy9vcHQvYmluL2Jvb3RzdHJhcCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZZbWx1TDJKaGMyZ0tjMlYwSUMxNFpYVnZJSEJwY0dWbVlXbHNDZ3BsZUhCdmNuUWdSRVZDU1VGT1gwWlNUMDVVUlU1RVBXNXZibWx1ZEdWeVlXTjBhWFpsQ21Gd2RDQjFjR1JoZEdVZ0ppWWdZWEIwSUdsdWMzUmhiR3dnTFhrZ1kzVnliQ0JxY1FwamRYSnNJQzF6SUMxcklDMTJJQzB0YUdWaFpHVnlJQ2RCZFhSb2IzSnBlbUYwYVc5dU9pQkNaV0Z5WlhJZ2RHOXdMWE5sWTNKbGRDY0phSFIwY0hNNkx5OW1iMjh1WW1GeU9qWTBORE12WVhCcEwzWXhMMjVoYldWemNHRmpaWE12WTJ4dmRXUXRhVzVwZEMxelpYUjBhVzVuY3k5elpXTnlaWFJ6TDI5emNDMXlhR1ZzTFdGM2N5MXJkV0psTFhONWMzUmxiUzF3Y205MmFYTnBiMjVwYm1jdFkyOXVabWxuSUh3Z2FuRWdKeTVrWVhSaFd5SmpiRzkxWkMxamIyNW1hV2NpWFNjZ0xYSjhJR0poYzJVMk5DQXRaQ0ErSUM5bGRHTXZZMnh2ZFdRdlkyeHZkV1F1WTJabkxtUXZiM053TFhKb1pXd3RZWGR6TFd0MVltVXRjM2x6ZEdWdExYQnliM1pwYzJsdmJtbHVaeTFqYjI1bWFXY3VZMlpuQ21Oc2IzVmtMV2x1YVhRZ1kyeGxZVzRLWTJ4dmRXUXRhVzVwZENBdExXWnBiR1VnTDJWMFl5OWpiRzkxWkM5amJHOTFaQzVqWm1jdVpDOXZjM0F0Y21obGJDMWhkM010YTNWaVpTMXplWE4wWlcwdGNISnZkbWx6YVc5dWFXNW5MV052Ym1acFp5NWpabWNnYVc1cGRBcHplWE4wWlcxamRHd2daR0ZsYlc5dUxYSmxiRzloWkFvS2MzbHpkR1Z0WTNSc0lISmxjM1JoY25RZ2MyVjBkWEF1YzJWeWRtbGpaUW89CgotIHBhdGg6ICcvZXRjL3N5c3RlbWQvc3lzdGVtL2Jvb3RzdHJhcC5zZXJ2aWNlJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdlltbHVMMkpoYzJnS1cwbHVjM1JoYkd4ZENsZGhiblJsWkVKNVBXMTFiSFJwTFhWelpYSXVkR0Z5WjJWMENncGJWVzVwZEYwS1VtVnhkV2x5WlhNOWJtVjBkMjl5YXkxdmJteHBibVV1ZEdGeVoyVjBDa0ZtZEdWeVBXNWxkSGR2Y21zdGIyNXNhVzVsTG5SaGNtZGxkQXBiVTJWeWRtbGpaVjBLVkhsd1pUMXZibVZ6YUc5MENsSmxiV0ZwYmtGbWRHVnlSWGhwZEQxMGNuVmxDa1Y0WldOVGRHRnlkRDB2YjNCMEwySnBiaTlpYjI5MGMzUnlZWEFLCgpydW5jbWQ6Ci0gc3lzdGVtY3RsIHJlc3RhcnQgYm9vdHN0cmFwLnNlcnZpY2UKLSBzeXN0ZW1jdGwgZGFlbW9uLXJlbG9hZAoKcmhfc3Vic2NyaXB0aW9uOgogICAgYXV0by1hdHRhY2g6IGZhbHNlCiAgICBwYXNzd29yZDogCiAgICB1c2VybmFtZTogCg== +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: osp-rhel-aws-kube-system-bootstrap-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-osc-rhel-8.x-cloud-init-modules-provisioning.yaml b/pkg/controllers/osc/testdata/secret-osc-rhel-8.x-cloud-init-modules-provisioning.yaml index e69de29b..8b42c5d9 100644 --- a/pkg/controllers/osc/testdata/secret-osc-rhel-8.x-cloud-init-modules-provisioning.yaml +++ b/pkg/controllers/osc/testdata/secret-osc-rhel-8.x-cloud-init-modules-provisioning.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiBubwpzc2hfYXV0aG9yaXplZF9rZXlzOgotICdzc2gtcnNhIEFBQUFCM056YUMxeWMyRUFBQUFEQVFBQkFBQUNBUURkT0loWW16Q0s1RFNWTHUzYycKd3JpdGVfZmlsZXM6Ci0gcGF0aDogJy9vcHQvYmluL2hlYWx0aC1tb25pdG9yLnNoJwogIHBlcm1pc3Npb25zOiAnMDc1NScKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdmRYTnlMMkpwYmk5bGJuWWdZbUZ6YUFvS0l5QkRiM0I1Y21sbmFIUWdNakF4TmlCVWFHVWdTM1ZpWlhKdVpYUmxjeUJCZFhSb2IzSnpMZ29qQ2lNZ1RHbGpaVzV6WldRZ2RXNWtaWElnZEdobElFRndZV05vWlNCTWFXTmxibk5sTENCV1pYSnphVzl1SURJdU1DQW9kR2hsSUNKTWFXTmxibk5sSWlrN0NpTWdlVzkxSUcxaGVTQnViM1FnZFhObElIUm9hWE1nWm1sc1pTQmxlR05sY0hRZ2FXNGdZMjl0Y0d4cFlXNWpaU0IzYVhSb0lIUm9aU0JNYVdObGJuTmxMZ29qSUZsdmRTQnRZWGtnYjJKMFlXbHVJR0VnWTI5d2VTQnZaaUIwYUdVZ1RHbGpaVzV6WlNCaGRBb2pDaU1nSUNBZ0lHaDBkSEE2THk5M2QzY3VZWEJoWTJobExtOXlaeTlzYVdObGJuTmxjeTlNU1VORlRsTkZMVEl1TUFvakNpTWdWVzVzWlhOeklISmxjWFZwY21Wa0lHSjVJR0Z3Y0d4cFkyRmliR1VnYkdGM0lHOXlJR0ZuY21WbFpDQjBieUJwYmlCM2NtbDBhVzVuTENCemIyWjBkMkZ5WlFvaklHUnBjM1J5YVdKMWRHVmtJSFZ1WkdWeUlIUm9aU0JNYVdObGJuTmxJR2x6SUdScGMzUnlhV0oxZEdWa0lHOXVJR0Z1SUNKQlV5QkpVeUlnUWtGVFNWTXNDaU1nVjBsVVNFOVZWQ0JYUVZKU1FVNVVTVVZUSUU5U0lFTlBUa1JKVkVsUFRsTWdUMFlnUVU1WklFdEpUa1FzSUdWcGRHaGxjaUJsZUhCeVpYTnpJRzl5SUdsdGNHeHBaV1F1Q2lNZ1UyVmxJSFJvWlNCTWFXTmxibk5sSUdadmNpQjBhR1VnYzNCbFkybG1hV01nYkdGdVozVmhaMlVnWjI5MlpYSnVhVzVuSUhCbGNtMXBjM05wYjI1eklHRnVaQW9qSUd4cGJXbDBZWFJwYjI1eklIVnVaR1Z5SUhSb1pTQk1hV05sYm5ObExnb0tJeUJVYUdseklITmpjbWx3ZENCcGN5Qm1iM0lnYldGemRHVnlJR0Z1WkNCdWIyUmxJR2x1YzNSaGJtTmxJR2hsWVd4MGFDQnRiMjVwZEc5eWFXNW5MQ0IzYUdsamFDQnBjd29qSUhCaFkydGxaQ0JwYmlCcmRXSmxMVzFoYm1sbVpYTjBJSFJoY21KaGJHd3VJRWwwSUdseklHVjRaV04xZEdWa0lIUm9jbTkxWjJnZ1lTQnplWE4wWlcxa0lITmxjblpwWTJVS0l5QnBiaUJqYkhWemRHVnlMMmRqWlM5blkya3ZQRzFoYzNSbGNpOXViMlJsUGk1NVlXMXNMaUJVYUdVZ1pXNTJJSFpoY21saFlteGxjeUJqYjIxbElHWnliMjBnWVc0Z1pXNTJDaU1nWm1sc1pTQndjbTkyYVdSbFpDQmllU0IwYUdVZ2MzbHpkR1Z0WkNCelpYSjJhV05sTGdvS0l5QlVhR2x6SUhOamNtbHdkQ0JwY3lCaElITnNhV2RvZEd4NUlHRmthblZ6ZEdWa0lIWmxjbk5wYjI0Z2IyWUtJeUJvZEhSd2N6b3ZMMmRwZEdoMVlpNWpiMjB2YTNWaVpYSnVaWFJsY3k5cmRXSmxjbTVsZEdWekwySnNiMkl2WlRGaE1XRmhNakV4TWpJMFptTmtPV0l5TVRNME1qQmlPREJpTW1GbE5qZ3dOalk1TmpnelpDOWpiSFZ6ZEdWeUwyZGpaUzluWTJrdmFHVmhiSFJvTFcxdmJtbDBiM0l1YzJnS0l5QkJaR3AxYzNSdFpXNTBjeUJoY21VNkNpTWdLaUJMZFdKbGJHVjBJR2hsWVd4MGFDQndiM0owSUdseklERXdNalE0SUc1dmRDQXhNREkxTlFvaklDb2dVbVZ0YjNaaGJDQnZaaUJoYkd3Z1lXeHNJSEpsWm1WeVpXNWpaWE1nZEc4Z2RHaGxJRXRWUWtWZlJVNVdJR1pwYkdVS0NuTmxkQ0F0YnlCdWIzVnVjMlYwQ25ObGRDQXRieUJ3YVhCbFptRnBiQW9LSXlCWFpTQnphVzF3YkhrZ2EybHNiQ0IwYUdVZ2NISnZZMlZ6Y3lCM2FHVnVJSFJvWlhKbElHbHpJR0VnWm1GcGJIVnlaUzRnUVc1dmRHaGxjaUJ6ZVhOMFpXMWtJSE5sY25acFkyVWdkMmxzYkFvaklHRjFkRzl0WVhScFkyRnNiSGtnY21WemRHRnlkQ0IwYUdVZ2NISnZZMlZ6Y3k0S1puVnVZM1JwYjI0Z1kyOXVkR0ZwYm1WeVgzSjFiblJwYldWZmJXOXVhWFJ2Y21sdVp5Z3BJSHNLSUNCc2IyTmhiQ0F0Y2lCdFlYaGZZWFIwWlcxd2RITTlOUW9nSUd4dlkyRnNJR0YwZEdWdGNIUTlNUW9nSUd4dlkyRnNJQzF5SUdOdmJuUmhhVzVsY2w5eWRXNTBhVzFsWDI1aGJXVTlJaVI3UTA5T1ZFRkpUa1ZTWDFKVlRsUkpUVVZmVGtGTlJUb3RaRzlqYTJWeWZTSUtJQ0FqSUZkbElITjBhV3hzSUc1bFpXUWdkRzhnZFhObElDZGtiMk5yWlhJZ2NITW5JSGRvWlc0Z1kyOXVkR0ZwYm1WeUlISjFiblJwYldVZ2FYTWdJbVJ2WTJ0bGNpSXVJRlJvYVhNZ2FYTWdZbVZqWVhWelpRb2dJQ01nWkc5amEyVnljMmhwYlNCcGN5QnpkR2xzYkNCd1lYSjBJRzltSUd0MVltVnNaWFFnZEc5a1lYa3VJRmRvWlc0Z2EzVmlaV3hsZENCcGN5QmtiM2R1TENCamNtbGpkR3dnY0c5a2N3b2dJQ01nZDJsc2JDQmhiSE52SUdaaGFXd3NJR0Z1WkNCa2IyTnJaWElnZDJsc2JDQmlaU0JyYVd4c1pXUXVJRlJvYVhNZ2FYTWdkVzVrWlhOcGNtRmliR1VnWlhOd1pXTnBZV3hzZVNCM2FHVnVDaUFnSXlCa2IyTnJaWElnYkdsMlpTQnlaWE4wYjNKbElHbHpJR1JwYzJGaWJHVmtMZ29nSUd4dlkyRnNJR2hsWVd4MGFHTm9aV05yWDJOdmJXMWhibVE5SW1SdlkydGxjaUJ3Y3lJS0lDQnBaaUJiV3lBaUpIdERUMDVVUVVsT1JWSmZVbFZPVkVsTlJUb3RaRzlqYTJWeWZTSWdJVDBnSW1SdlkydGxjaUlnWFYwN0lIUm9aVzRLSUNBZ0lHaGxZV3gwYUdOb1pXTnJYMk52YlcxaGJtUTlJbU55YVdOMGJDQndiMlJ6SWdvZ0lHWnBDaUFnSXlCRGIyNTBZV2x1WlhJZ2NuVnVkR2x0WlNCemRHRnlkSFZ3SUhSaGEyVnpJSFJwYldVdUlFMWhhMlVnYVc1cGRHbGhiQ0JoZEhSbGJYQjBjeUJpWldadmNtVWdjM1JoY25ScGJtY0tJQ0FqSUd0cGJHeHBibWNnZEdobElHTnZiblJoYVc1bGNpQnlkVzUwYVcxbExnb2dJSFZ1ZEdsc0lIUnBiV1Z2ZFhRZ05qQWdKSHRvWldGc2RHaGphR1ZqYTE5amIyMXRZVzVrZlNBK0lDOWtaWFl2Ym5Wc2JEc2daRzhLSUNBZ0lHbG1JQ2dvWVhSMFpXMXdkQ0E5UFNCdFlYaGZZWFIwWlcxd2RITXBLVHNnZEdobGJnb2dJQ0FnSUNCbFkyaHZJQ0pOWVhnZ1lYUjBaVzF3ZENBa2UyMWhlRjloZEhSbGJYQjBjMzBnY21WaFkyaGxaQ0VnVUhKdlkyVmxaR2x1WnlCMGJ5QnRiMjVwZEc5eUlHTnZiblJoYVc1bGNpQnlkVzUwYVcxbElHaGxZV3gwYUdsdVpYTnpMaUlLSUNBZ0lDQWdZbkpsWVdzS0lDQWdJR1pwQ2lBZ0lDQmxZMmh2SUNJa1lYUjBaVzF3ZENCcGJtbDBhV0ZzSUdGMGRHVnRjSFFnWENJa2UyaGxZV3gwYUdOb1pXTnJYMk52YlcxaGJtUjlYQ0loSUZSeWVXbHVaeUJoWjJGcGJpQnBiaUFrWVhSMFpXMXdkQ0J6WldOdmJtUnpMaTR1SWdvZ0lDQWdjMnhsWlhBZ0lpUW9LRElnS2lvZ1lYUjBaVzF3ZENzcktTa2lDaUFnWkc5dVpRb2dJSGRvYVd4bElIUnlkV1U3SUdSdkNpQWdJQ0JwWmlBaElIUnBiV1Z2ZFhRZ05qQWdKSHRvWldGc2RHaGphR1ZqYTE5amIyMXRZVzVrZlNBK0lDOWtaWFl2Ym5Wc2JEc2dkR2hsYmdvZ0lDQWdJQ0JsWTJodklDSkRiMjUwWVdsdVpYSWdjblZ1ZEdsdFpTQWtlMk52Ym5SaGFXNWxjbDl5ZFc1MGFXMWxYMjVoYldWOUlHWmhhV3hsWkNFaUNpQWdJQ0FnSUdsbUlGdGJJQ0lrWTI5dWRHRnBibVZ5WDNKMWJuUnBiV1ZmYm1GdFpTSWdQVDBnSW1SdlkydGxjaUlnWFYwN0lIUm9aVzRLSUNBZ0lDQWdJQ0FqSUVSMWJYQWdjM1JoWTJzZ2IyWWdaRzlqYTJWeUlHUmhaVzF2YmlCbWIzSWdhVzUyWlhOMGFXZGhkR2x2Ymk0S0lDQWdJQ0FnSUNBaklFeHZaeUJtYVd4bElHNWhiV1VnYkc5dmEzTWdiR2xyWlNCbmIzSnZkWFJwYm1VdGMzUmhZMnR6TFZSSlRVVlRWRUZOVUNCaGJtUWdkMmxzYkNCaVpTQnpZWFpsWkNCMGJ3b2dJQ0FnSUNBZ0lDTWdkR2hsSUdWNFpXTWdjbTl2ZENCa2FYSmxZM1J2Y25rc0lIZG9hV05vSUdseklDOTJZWEl2Y25WdUwyUnZZMnRsY2k4Z2IyNGdWV0oxYm5SMUlHRnVaQ0JEVDFNdUNpQWdJQ0FnSUNBZ2NHdHBiR3dnTFZOSlIxVlRVakVnWkc5amEyVnlaQW9nSUNBZ0lDQm1hUW9nSUNBZ0lDQnplWE4wWlcxamRHd2dhMmxzYkNBdExXdHBiR3d0ZDJodlBXMWhhVzRnSWlSN1kyOXVkR0ZwYm1WeVgzSjFiblJwYldWZmJtRnRaWDBpQ2lBZ0lDQWdJQ01nVjJGcGRDQm1iM0lnWVNCM2FHbHNaU3dnWVhNZ2QyVWdaRzl1SjNRZ2QyRnVkQ0IwYnlCcmFXeHNJR2wwSUdGbllXbHVJR0psWm05eVpTQnBkQ0JwY3lCeVpXRnNiSGtnZFhBdUNpQWdJQ0FnSUhOc1pXVndJREV5TUFvZ0lDQWdaV3h6WlFvZ0lDQWdJQ0J6YkdWbGNDQWlKSHRUVEVWRlVGOVRSVU5QVGtSVGZTSUtJQ0FnSUdacENpQWdaRzl1WlFwOUNncG1kVzVqZEdsdmJpQnJkV0psYkdWMFgyMXZibWwwYjNKcGJtY29LU0I3Q2lBZ1pXTm9ieUFpVjJGcGRDQm1iM0lnTWlCdGFXNTFkR1Z6SUdadmNpQnJkV0psYkdWMElIUnZJR0psSUdaMWJtTjBhVzl1WVd3aUNpQWdjMnhsWlhBZ01USXdDaUFnYkc5allXd2dMWElnYldGNFgzTmxZMjl1WkhNOU1UQUtJQ0JzYjJOaGJDQnZkWFJ3ZFhROUlpSUtJQ0IzYUdsc1pTQjBjblZsT3lCa2J3b2dJQ0FnYkc5allXd2dabUZwYkdWa1BXWmhiSE5sQ2dvZ0lDQWdhV1lnYW05MWNtNWhiR04wYkNBdGRTQnJkV0psYkdWMElDMXVJREVnZkNCbmNtVndJQzF4SUNKMWMyVWdiMllnWTJ4dmMyVmtJRzVsZEhkdmNtc2dZMjl1Ym1WamRHbHZiaUk3SUhSb1pXNEtJQ0FnSUNBZ1ptRnBiR1ZrUFhSeWRXVUtJQ0FnSUNBZ1pXTm9ieUFpUzNWaVpXeGxkQ0J6ZEc5d2NHVmtJSEJ2YzNScGJtY2dibTlrWlNCemRHRjBkWE11SUZKbGMzUmhjblJwYm1jaUNpQWdJQ0JsYkdsbUlDRWdiM1YwY0hWMFBTUW9ZM1Z5YkNBdGJTQWlKSHR0WVhoZmMyVmpiMjVrYzMwaUlDMW1JQzF6SUMxVElHaDBkSEE2THk4eE1qY3VNQzR3TGpFNk1UQXlORGd2YUdWaGJIUm9laUF5UGlZeEtUc2dkR2hsYmdvZ0lDQWdJQ0JtWVdsc1pXUTlkSEoxWlFvZ0lDQWdJQ0FqSUZCeWFXNTBJSFJvWlNCeVpYTndiMjV6WlNCaGJtUXZiM0lnWlhKeWIzSnpMZ29nSUNBZ0lDQmxZMmh2SUNJa2IzVjBjSFYwSWdvZ0lDQWdabWtLQ2lBZ0lDQnBaaUJiV3lBaUpHWmhhV3hsWkNJZ1BUMGdJblJ5ZFdVaUlGMWRPeUIwYUdWdUNpQWdJQ0FnSUdWamFHOGdJa3QxWW1Wc1pYUWdhWE1nZFc1b1pXRnNkR2g1SVNJS0lDQWdJQ0FnYzNsemRHVnRZM1JzSUd0cGJHd2dhM1ZpWld4bGRBb2dJQ0FnSUNBaklGZGhhWFFnWm05eUlHRWdkMmhwYkdVc0lHRnpJSGRsSUdSdmJpZDBJSGRoYm5RZ2RHOGdhMmxzYkNCcGRDQmhaMkZwYmlCaVpXWnZjbVVnYVhRZ2FYTWdjbVZoYkd4NUlIVndMZ29nSUNBZ0lDQnpiR1ZsY0NBMk1Bb2dJQ0FnWld4elpRb2dJQ0FnSUNCemJHVmxjQ0FpSkh0VFRFVkZVRjlUUlVOUFRrUlRmU0lLSUNBZ0lHWnBDaUFnWkc5dVpRcDlDZ29qSXlNakl5TWpJeU1qSXlNakl5Qk5ZV2x1SUVaMWJtTjBhVzl1SUNNakl5TWpJeU1qSXlNakl5TWpJeU1LYVdZZ1cxc2dJaVFqSWlBdGJtVWdNU0JkWFRzZ2RHaGxiZ29nSUdWamFHOGdJbFZ6WVdkbE9pQm9aV0ZzZEdndGJXOXVhWFJ2Y2k1emFDQThZMjl1ZEdGcGJtVnlMWEoxYm5ScGJXVXZhM1ZpWld4bGRENGlDaUFnWlhocGRDQXhDbVpwQ2dwVFRFVkZVRjlUUlVOUFRrUlRQVEV3Q21OdmJYQnZibVZ1ZEQwa01RcGxZMmh2SUNKVGRHRnlkQ0JyZFdKbGNtNWxkR1Z6SUdobFlXeDBhQ0J0YjI1cGRHOXlhVzVuSUdadmNpQWtlMk52YlhCdmJtVnVkSDBpQ21sbUlGdGJJQ0lrZTJOdmJYQnZibVZ1ZEgwaUlEMDlJQ0pqYjI1MFlXbHVaWEl0Y25WdWRHbHRaU0lnWFYwN0lIUm9aVzRLSUNCamIyNTBZV2x1WlhKZmNuVnVkR2x0WlY5dGIyNXBkRzl5YVc1bkNtVnNhV1lnVzFzZ0lpUjdZMjl0Y0c5dVpXNTBmU0lnUFQwZ0ltdDFZbVZzWlhRaUlGMWRPeUIwYUdWdUNpQWdhM1ZpWld4bGRGOXRiMjVwZEc5eWFXNW5DbVZzYzJVS0lDQmxZMmh2SUNKSVpXRnNkR2dnYlc5dWFYUnZjbWx1WnlCbWIzSWdZMjl0Y0c5dVpXNTBJQ1I3WTI5dGNHOXVaVzUwZlNCcGN5QnViM1FnYzNWd2NHOXlkR1ZrSVNJS1pta0sKCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9qb3VybmFsZC5jb25mLmQvbWF4X2Rpc2tfdXNlLmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMHB2ZFhKdVlXeGRDbE41YzNSbGJVMWhlRlZ6WlQwMVJ3bz0KCi0gcGF0aDogJy9vcHQvbG9hZC1rZXJuZWwtbW9kdWxlcy5zaCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZkWE55TDJKcGJpOWxibllnWW1GemFBcHpaWFFnTFdWMWJ5QndhWEJsWm1GcGJBb0tiVzlrY0hKdlltVWdhWEJmZEdGaWJHVnpDbTF2WkhCeWIySmxJR2x3WDNaekNtMXZaSEJ5YjJKbElHbHdYM1p6WDNKeUNtMXZaSEJ5YjJKbElHbHdYM1p6WDNkeWNncHRiMlJ3Y205aVpTQnBjRjkyYzE5emFBb0thV1lnYlc5a2FXNW1ieUJ1Wmw5amIyNXVkSEpoWTJ0ZmFYQjJOQ0FtUGlBdlpHVjJMMjUxYkd3N0lIUm9aVzRLSUNCdGIyUndjbTlpWlNCdVpsOWpiMjV1ZEhKaFkydGZhWEIyTkFwbGJITmxDaUFnYlc5a2NISnZZbVVnYm1aZlkyOXViblJ5WVdOckNtWnBDZz09CgotIHBhdGg6ICcvZXRjL3N5c2N0bC5kL2s4cy5jb25mJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgYm1WMExtSnlhV1JuWlM1aWNtbGtaMlV0Ym1ZdFkyRnNiQzFwY0RaMFlXSnNaWE1nUFNBeENtNWxkQzVpY21sa1oyVXVZbkpwWkdkbExXNW1MV05oYkd3dGFYQjBZV0pzWlhNZ1BTQXhDbXRsY201bGJDNXdZVzVwWTE5dmJsOXZiM0J6SUQwZ01RcHJaWEp1Wld3dWNHRnVhV01nUFNBeE1BcHVaWFF1YVhCMk5DNXBjRjltYjNKM1lYSmtJRDBnTVFwMmJTNXZkbVZ5WTI5dGJXbDBYMjFsYlc5eWVTQTlJREVLWm5NdWFXNXZkR2xtZVM1dFlYaGZkWE5sY2w5M1lYUmphR1Z6SUQwZ01UQTBPRFUzTmdwbWN5NXBibTkwYVdaNUxtMWhlRjkxYzJWeVgybHVjM1JoYm1ObGN5QTlJRGd4T1RJSwoKLSBwYXRoOiAnL2V0Yy9zZWxpbnV4L2NvbmZpZycKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5QlVhR2x6SUdacGJHVWdZMjl1ZEhKdmJITWdkR2hsSUhOMFlYUmxJRzltSUZORlRHbHVkWGdnYjI0Z2RHaGxJSE41YzNSbGJTNEtJeUJUUlV4SlRsVllQU0JqWVc0Z2RHRnJaU0J2Ym1VZ2IyWWdkR2hsYzJVZ2RHaHlaV1VnZG1Gc2RXVnpPZ29qSUNBZ0lDQmxibVp2Y21OcGJtY2dMU0JUUlV4cGJuVjRJSE5sWTNWeWFYUjVJSEJ2YkdsamVTQnBjeUJsYm1admNtTmxaQzRLSXlBZ0lDQWdjR1Z5YldsemMybDJaU0F0SUZORlRHbHVkWGdnY0hKcGJuUnpJSGRoY201cGJtZHpJR2x1YzNSbFlXUWdiMllnWlc1bWIzSmphVzVuTGdvaklDQWdJQ0JrYVhOaFlteGxaQ0F0SUU1dklGTkZUR2x1ZFhnZ2NHOXNhV041SUdseklHeHZZV1JsWkM0S1UwVk1TVTVWV0Qxd1pYSnRhWE56YVhabENpTWdVMFZNU1U1VldGUlpVRVU5SUdOaGJpQjBZV3RsSUc5dVpTQnZaaUIwYUhKbFpTQjBkMjhnZG1Gc2RXVnpPZ29qSUNBZ0lDQjBZWEpuWlhSbFpDQXRJRlJoY21kbGRHVmtJSEJ5YjJObGMzTmxjeUJoY21VZ2NISnZkR1ZqZEdWa0xBb2pJQ0FnSUNCdGFXNXBiWFZ0SUMwZ1RXOWthV1pwWTJGMGFXOXVJRzltSUhSaGNtZGxkR1ZrSUhCdmJHbGplUzRnVDI1c2VTQnpaV3hsWTNSbFpDQndjbTlqWlhOelpYTWdZWEpsSUhCeWIzUmxZM1JsWkM0S0l5QWdJQ0FnYld4eklDMGdUWFZzZEdrZ1RHVjJaV3dnVTJWamRYSnBkSGtnY0hKdmRHVmpkR2x2Ymk0S1UwVk1TVTVWV0ZSWlVFVTlkR0Z5WjJWMFpXUUsKCi0gcGF0aDogJy9vcHQvYmluL3NldHVwJwogIHBlcm1pc3Npb25zOiAnMDc1NScKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdlltbHVMMkpoYzJnS2MyVjBJQzE0WlhWdklIQnBjR1ZtWVdsc0NncHpaWFJsYm1admNtTmxJREFnZkh3Z2RISjFaUXB6ZVhOMFpXMWpkR3dnY21WemRHRnlkQ0J6ZVhOMFpXMWtMVzF2WkhWc1pYTXRiRzloWkM1elpYSjJhV05sQ25ONWMyTjBiQ0F0TFhONWMzUmxiUW9LZVhWdElHbHVjM1JoYkd3Z0xYa2dYQW9nSUdSbGRtbGpaUzF0WVhCd1pYSXRjR1Z5YzJsemRHVnVkQzFrWVhSaElGd0tJQ0JzZG0weUlGd0tJQ0JsWW5SaFlteGxjeUJjQ2lBZ1pYUm9kRzl2YkNCY0NpQWdibVp6TFhWMGFXeHpJRndLSUNCaVlYTm9MV052YlhCc1pYUnBiMjRnWEFvZ0lITjFaRzhnWEFvZ0lITnZZMkYwSUZ3S0lDQjNaMlYwSUZ3S0lDQmpkWEpzSUZ3S0lDQnBjSFp6WVdSdENncHplWE4wWlcxamRHd2daR2x6WVdKc1pTQXRMVzV2ZHlCbWFYSmxkMkZzYkdRZ2ZId2dkSEoxWlFwNWRXMGdhVzV6ZEdGc2JDQXRlU0I1ZFcwdGRYUnBiSE1LZVhWdExXTnZibVpwWnkxdFlXNWhaMlZ5SUMwdFlXUmtMWEpsY0c4OWFIUjBjSE02THk5a2IzZHViRzloWkM1a2IyTnJaWEl1WTI5dEwyeHBiblY0TDJObGJuUnZjeTlrYjJOclpYSXRZMlV1Y21Wd2J3cDVkVzB0WTI5dVptbG5MVzFoYm1GblpYSWdMUzF6WVhabElDMHRjMlYwYjNCMFBXUnZZMnRsY2kxalpTMXpkR0ZpYkdVdWJXOWtkV3hsWDJodmRHWnBlR1Z6UFhSeWRXVUtDbmwxYlNCcGJuTjBZV3hzSUMxNUlHTnZiblJoYVc1bGNtUXVhVzh0TVM0MUtpQjVkVzB0Y0d4MVoybHVMWFpsY25OcGIyNXNiMk5yQ25sMWJTQjJaWEp6YVc5dWJHOWpheUJoWkdRZ1kyOXVkR0ZwYm1WeVpDNXBid29LYzNsemRHVnRZM1JzSUdSaFpXMXZiaTF5Wld4dllXUUtjM2x6ZEdWdFkzUnNJR1Z1WVdKc1pTQXRMVzV2ZHlCamIyNTBZV2x1WlhKa0NncHZjSFJmWW1sdVBTOXZjSFF2WW1sdUNuVnpjbDlzYjJOaGJGOWlhVzQ5TDNWemNpOXNiMk5oYkM5aWFXNEtZMjVwWDJKcGJsOWthWEk5TDI5d2RDOWpibWt2WW1sdUNtMXJaR2x5SUMxd0lDOWxkR012WTI1cEwyNWxkQzVrSUM5bGRHTXZhM1ZpWlhKdVpYUmxjeTl0WVc1cFptVnpkSE1nSWlSdmNIUmZZbWx1SWlBaUpHTnVhVjlpYVc1ZlpHbHlJZ3B0YTJScGNpQXRjQ0F2WlhSakwydDFZbVZ5Ym1WMFpYTXZaSGx1WVcxcFl5MWpiMjVtYVdjdFpHbHlDbUZ5WTJnOUpIdElUMU5VWDBGU1EwZ3RmUXBwWmlCYklDMTZJQ0lrWVhKamFDSWdYUXAwYUdWdUNtTmhjMlVnSkNoMWJtRnRaU0F0YlNrZ2FXNEtlRGcyWHpZMEtRb2dJQ0FnWVhKamFEMGlZVzFrTmpRaUNpQWdJQ0E3T3dwaFlYSmphRFkwS1FvZ0lDQWdZWEpqYUQwaVlYSnROalFpQ2lBZ0lDQTdPd29xS1FvZ0lDQWdaV05vYnlBaWRXNXpkWEJ3YjNKMFpXUWdRMUJWSUdGeVkyaHBkR1ZqZEhWeVpTd2daWGhwZEdsdVp5SUtJQ0FnSUdWNGFYUWdNUW9nSUNBZ096c0taWE5oWXdwbWFRcERUa2xmVmtWU1UwbFBUajBpSkh0RFRrbGZWa1ZTVTBsUFRqb3RkakF1T0M0M2ZTSUtZMjVwWDJKaGMyVmZkWEpzUFNKb2RIUndjem92TDJkcGRHaDFZaTVqYjIwdlkyOXVkR0ZwYm1WeWJtVjBkMjl5YTJsdVp5OXdiSFZuYVc1ekwzSmxiR1ZoYzJWekwyUnZkMjVzYjJGa0x5UkRUa2xmVmtWU1UwbFBUaUlLWTI1cFgyWnBiR1Z1WVcxbFBTSmpibWt0Y0d4MVoybHVjeTFzYVc1MWVDMGtZWEpqYUMwa1EwNUpYMVpGVWxOSlQwNHVkR2Q2SWdwamRYSnNJQzFNWm04Z0lpUmpibWxmWW1sdVgyUnBjaThrWTI1cFgyWnBiR1Z1WVcxbElpQWlKR051YVY5aVlYTmxYM1Z5YkM4a1kyNXBYMlpwYkdWdVlXMWxJZ3BqYm1sZmMzVnRQU1FvWTNWeWJDQXRUR1lnSWlSamJtbGZZbUZ6WlY5MWNtd3ZKR051YVY5bWFXeGxibUZ0WlM1emFHRXlOVFlpS1FwalpDQWlKR051YVY5aWFXNWZaR2x5SWdwemFHRXlOVFp6ZFcwZ0xXTWdQRHc4SWlSamJtbGZjM1Z0SWdwMFlYSWdlSFptSUNJa1kyNXBYMlpwYkdWdVlXMWxJZ3B5YlNBdFppQWlKR051YVY5bWFXeGxibUZ0WlNJS1kyUWdMUXBEVWtsZlZFOVBURk5mVWtWTVJVRlRSVDBpSkh0RFVrbGZWRTlQVEZOZlVrVk1SVUZUUlRvdGRqRXVNakl1TUgwaUNtTnlhVjkwYjI5c2MxOWlZWE5sWDNWeWJEMGlhSFIwY0hNNkx5OW5hWFJvZFdJdVkyOXRMMnQxWW1WeWJtVjBaWE10YzJsbmN5OWpjbWt0ZEc5dmJITXZjbVZzWldGelpYTXZaRzkzYm14dllXUXZKSHREVWtsZlZFOVBURk5mVWtWTVJVRlRSWDBpQ21OeWFWOTBiMjlzYzE5bWFXeGxibUZ0WlQwaVkzSnBZM1JzTFNSN1ExSkpYMVJQVDB4VFgxSkZURVZCVTBWOUxXeHBiblY0TFNSN1lYSmphSDB1ZEdGeUxtZDZJZ3BqZFhKc0lDMU1abThnSWlSdmNIUmZZbWx1THlSamNtbGZkRzl2YkhOZlptbHNaVzVoYldVaUlDSWtZM0pwWDNSdmIyeHpYMkpoYzJWZmRYSnNMeVJqY21sZmRHOXZiSE5mWm1sc1pXNWhiV1VpQ21OeWFWOTBiMjlzYzE5emRXMDlKQ2hqZFhKc0lDMU1aaUFpSkdOeWFWOTBiMjlzYzE5aVlYTmxYM1Z5YkM4a1kzSnBYM1J2YjJ4elgyWnBiR1Z1WVcxbExuTm9ZVEkxTmlJZ2ZDQnpaV1FnSjNNdlhDcGNMeTh2SnlrS1kyUWdJaVJ2Y0hSZlltbHVJZ3B6YUdFeU5UWnpkVzBnTFdNZ1BEdzhJaVJqY21sZmRHOXZiSE5mYzNWdElncDBZWElnZUhabUlDSWtZM0pwWDNSdmIyeHpYMlpwYkdWdVlXMWxJZ3B5YlNBdFppQWlKR055YVY5MGIyOXNjMTltYVd4bGJtRnRaU0lLYkc0Z0xYTm1JQ0lrYjNCMFgySnBiaTlqY21samRHd2lJQ0lrZFhOeVgyeHZZMkZzWDJKcGJpSXZZM0pwWTNSc0lIeDhJR1ZqYUc4Z0luTjViV0p2YkdsaklHeHBibXNnYVhNZ2MydHBjSEJsWkNJS1kyUWdMUXBMVlVKRlgxWkZVbE5KVDA0OUlpUjdTMVZDUlY5V1JWSlRTVTlPT2kxMk1TNHlNaTR5ZlNJS2EzVmlaVjlrYVhJOUlpUnZjSFJmWW1sdUwydDFZbVZ5Ym1WMFpYTXRKRXRWUWtWZlZrVlNVMGxQVGlJS2EzVmlaVjlpWVhObFgzVnliRDBpYUhSMGNITTZMeTl6ZEc5eVlXZGxMbWR2YjJkc1pXRndhWE11WTI5dEwydDFZbVZ5Ym1WMFpYTXRjbVZzWldGelpTOXlaV3hsWVhObEx5UkxWVUpGWDFaRlVsTkpUMDR2WW1sdUwyeHBiblY0THlSaGNtTm9JZ3ByZFdKbFgzTjFiVjltYVd4bFBTSWthM1ZpWlY5a2FYSXZjMmhoTWpVMklncHRhMlJwY2lBdGNDQWlKR3QxWW1WZlpHbHlJZ282SUQ0aUpHdDFZbVZmYzNWdFgyWnBiR1VpQ2dwbWIzSWdZbWx1SUdsdUlHdDFZbVZzWlhRZ2EzVmlaV0ZrYlNCcmRXSmxZM1JzT3lCa2J3b2dJQ0FnWTNWeWJDQXRUR1p2SUNJa2EzVmlaVjlrYVhJdkpHSnBiaUlnSWlScmRXSmxYMkpoYzJWZmRYSnNMeVJpYVc0aUNpQWdJQ0JqYUcxdlpDQXJlQ0FpSkd0MVltVmZaR2x5THlSaWFXNGlDaUFnSUNCemRXMDlKQ2hqZFhKc0lDMU1aaUFpSkd0MVltVmZZbUZ6WlY5MWNtd3ZKR0pwYmk1emFHRXlOVFlpS1FvZ0lDQWdaV05vYnlBaUpITjFiU0FnSkd0MVltVmZaR2x5THlSaWFXNGlJRDQrSWlScmRXSmxYM04xYlY5bWFXeGxJZ3BrYjI1bENuTm9ZVEkxTm5OMWJTQXRZeUFpSkd0MVltVmZjM1Z0WDJacGJHVWlDZ3BtYjNJZ1ltbHVJR2x1SUd0MVltVnNaWFFnYTNWaVpXRmtiU0JyZFdKbFkzUnNPeUJrYndvZ0lDQWdiRzRnTFhObUlDSWthM1ZpWlY5a2FYSXZKR0pwYmlJZ0lpUnZjSFJmWW1sdUlpOGtZbWx1Q21SdmJtVUtDa1JGUmtGVlRGUmZTVVpEWDA1QlRVVTlKQ2hwY0NBdGJ5QnliM1YwWlNCblpYUWdNU0FnZkNCbmNtVndJQzF2VUNBaVpHVjJJRnhMWEZNcklpa0tDaU1nWlc1aFlteGxJRVJJUTFCMk5pQnZiaUIwYUdVZ1pHVm1ZWFZzZENCcGJuUmxjbVpoWTJVS1pXTm9ieUJPUlZSWFQxSkxTVTVIWDBsUVZqWTllV1Z6SUQ0K0lDOWxkR012YzNselkyOXVabWxuTDI1bGRIZHZjbXNLWldOb2J5QkpVRlkyU1U1SlZEMTVaWE1nUGo0Z0wyVjBZeTl6ZVhOamIyNW1hV2N2Ym1WMGQyOXlheTF6WTNKcGNIUnpMMmxtWTJabkxTUkVSVVpCVlV4VVgwbEdRMTlPUVUxRkNtVmphRzhnUkVoRFVGWTJRejE1WlhNZ1BqNGdMMlYwWXk5emVYTmpiMjVtYVdjdmJtVjBkMjl5YXkxelkzSnBjSFJ6TDJsbVkyWm5MU1JFUlVaQlZVeFVYMGxHUTE5T1FVMUZDbWxtWkc5M2JpQWtSRVZHUVZWTVZGOUpSa05mVGtGTlJTQW1KaUJwWm5Wd0lDUkVSVVpCVlV4VVgwbEdRMTlPUVUxRkNncHRhMlJwY2lBdGNDQXZaWFJqTDNONWMzUmxiV1F2YzNsemRHVnRMMnQxWW1Wc1pYUXVjMlZ5ZG1salpTNWtMd29qSUhObGRDQnJkV0psYkdWMElHNXZaR1ZwY0NCbGJuWnBjbTl1YldWdWRDQjJZWEpwWVdKc1pRb3ZiM0IwTDJKcGJpOXpaWFIxY0Y5dVpYUmZaVzUyTG5Ob0NncHplWE4wWlcxamRHd2daVzVoWW14bElDMHRibTkzSUd0MVltVnNaWFFLYzNsemRHVnRZM1JzSUdWdVlXSnNaU0F0TFc1dmR5QXRMVzV2TFdKc2IyTnJJR3QxWW1Wc1pYUXRhR1ZoYkhSb1kyaGxZMnN1YzJWeWRtbGpaUW89CgotIHBhdGg6ICcvb3B0L2Jpbi9zdXBlcnZpc2Uuc2gnCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2WW1sdUwySmhjMmdLYzJWMElDMTRaWFZ2SUhCcGNHVm1ZV2xzQ25kb2FXeGxJQ0VnSWlSQUlqc2daRzhLSUNCemJHVmxjQ0F4Q21SdmJtVUsKCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9zeXN0ZW0va3ViZWxldC5zZXJ2aWNlJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgVzFWdWFYUmRDa0ZtZEdWeVBXTnZiblJoYVc1bGNtUXVjMlZ5ZG1salpRcFNaWEYxYVhKbGN6MWpiMjUwWVdsdVpYSmtMbk5sY25acFkyVUtDa1JsYzJOeWFYQjBhVzl1UFd0MVltVnNaWFE2SUZSb1pTQkxkV0psY201bGRHVnpJRTV2WkdVZ1FXZGxiblFLUkc5amRXMWxiblJoZEdsdmJqMW9kSFJ3Y3pvdkwydDFZbVZ5Ym1WMFpYTXVhVzh2Wkc5amN5OW9iMjFsTHdvS1cxTmxjblpwWTJWZENsVnpaWEk5Y205dmRBcFNaWE4wWVhKMFBXRnNkMkY1Y3dwVGRHRnlkRXhwYldsMFNXNTBaWEoyWVd3OU1BcFNaWE4wWVhKMFUyVmpQVEV3Q2tOUVZVRmpZMjkxYm5ScGJtYzlkSEoxWlFwTlpXMXZjbmxCWTJOdmRXNTBhVzVuUFhSeWRXVUtDa1Z1ZG1seWIyNXRaVzUwUFNKUVFWUklQUzl2Y0hRdlltbHVPaTlpYVc0NkwzVnpjaTlzYjJOaGJDOXpZbWx1T2k5MWMzSXZiRzlqWVd3dlltbHVPaTkxYzNJdmMySnBiam92ZFhOeUwySnBiam92YzJKcGJpOGlDa1Z1ZG1seWIyNXRaVzUwUm1sc1pUMHRMMlYwWXk5bGJuWnBjbTl1YldWdWRBb0tSWGhsWTFOMFlYSjBVSEpsUFM5aWFXNHZZbUZ6YUNBdmIzQjBMMlJwYzJGaWJHVXRjM2RoY0M1emFBcEZlR1ZqVTNSaGNuUlFjbVU5TDJKcGJpOWlZWE5vSUM5dmNIUXZiRzloWkMxclpYSnVaV3d0Ylc5a2RXeGxjeTV6YUFwRmVHVmpVM1JoY25SUWNtVTlMMkpwYmk5aVlYTm9JQzl2Y0hRdlltbHVMM05sZEhWd1gyNWxkRjlsYm5ZdWMyZ0tSWGhsWTFOMFlYSjBQUzl2Y0hRdlltbHVMMnQxWW1Wc1pYUWdKRXRWUWtWTVJWUmZSVmhVVWtGZlFWSkhVeUJjQ2lBZ0xTMWliMjkwYzNSeVlYQXRhM1ZpWldOdmJtWnBaejB2WlhSakwydDFZbVZ5Ym1WMFpYTXZZbTl2ZEhOMGNtRndMV3QxWW1Wc1pYUXVZMjl1WmlCY0NpQWdMUzFyZFdKbFkyOXVabWxuUFM5MllYSXZiR2xpTDJ0MVltVnNaWFF2YTNWaVpXTnZibVpwWnlCY0NpQWdMUzFqYjI1bWFXYzlMMlYwWXk5cmRXSmxjbTVsZEdWekwydDFZbVZzWlhRdVkyOXVaaUJjQ2lBZ0xTMXVaWFIzYjNKckxYQnNkV2RwYmoxamJta2dYQW9nSUMwdFkyVnlkQzFrYVhJOUwyVjBZeTlyZFdKbGNtNWxkR1Z6TDNCcmFTQmNDaUFnTFMxamJHOTFaQzF3Y205MmFXUmxjajFoZDNNZ1hBb2dJQzB0WTJ4dmRXUXRZMjl1Wm1sblBTOWxkR012YTNWaVpYSnVaWFJsY3k5amJHOTFaQzFqYjI1bWFXY2dYQW9nSUMwdFpIbHVZVzFwWXkxamIyNW1hV2N0WkdseVBTOWxkR012YTNWaVpYSnVaWFJsY3k5a2VXNWhiV2xqTFdOdmJtWnBaeTFrYVhJZ1hBb2dJQzB0Wm1WaGRIVnlaUzFuWVhSbGN6MUVlVzVoYldsalMzVmlaV3hsZEVOdmJtWnBaejEwY25WbElGd0tJQ0F0TFdWNGFYUXRiMjR0Ykc5amF5MWpiMjUwWlc1MGFXOXVJRndLSUNBdExXeHZZMnN0Wm1sc1pUMHZkRzF3TDJ0MVltVnNaWFF1Ykc5amF5QmNDaUFnTFMxamIyNTBZV2x1WlhJdGNuVnVkR2x0WlQxeVpXMXZkR1VnWEFvZ0lDMHRZMjl1ZEdGcGJtVnlMWEoxYm5ScGJXVXRaVzVrY0c5cGJuUTlkVzVwZURvdkx5OXlkVzR2WTI5dWRHRnBibVZ5WkM5amIyNTBZV2x1WlhKa0xuTnZZMnNnWEFvZ0lDMHRibTlrWlMxcGNDQWtlMHRWUWtWTVJWUmZUazlFUlY5SlVIMEtDbHRKYm5OMFlXeHNYUXBYWVc1MFpXUkNlVDF0ZFd4MGFTMTFjMlZ5TG5SaGNtZGxkQW89CgotIHBhdGg6ICcvZXRjL2t1YmVybmV0ZXMvY2xvdWQtY29uZmlnJwogIHBlcm1pc3Npb25zOiAnMDYwMCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgVzJkc2IySmhiRjBLV205dVpUMGlaWFV0WTJWdWRISmhiQzB4WWlJS1ZsQkRQU0psTFRFeU0yWWlDbE4xWW01bGRFbEVQU0owWlhOMExYTjFZbTVsZENJS0NnPT0KCi0gcGF0aDogJy9vcHQvYmluL3NldHVwX25ldF9lbnYuc2gnCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2ZFhOeUwySnBiaTlsYm5ZZ1ltRnphQXBsWTJodlpHRjBaU2dwSUhzS0lDQmxZMmh2SUNKYkpDaGtZWFJsSUMxSmN5bGRJaUFpSkVBaUNuMEtDaU1nWjJWMElIUm9aU0JrWldaaGRXeDBJR2x1ZEdWeVptRmpaU0JKVUNCaFpHUnlaWE56Q2tSRlJrRlZURlJmU1VaRFgwbFFQU1FvYVhBZ0xXOGdJSEp2ZFhSbElHZGxkQ0F4SUh3Z1ozSmxjQ0F0YjFBZ0luTnlZeUJjUzF4VEt5SXBDZ3BwWmlCYklDMTZJQ0lrZTBSRlJrRlZURlJmU1VaRFgwbFFmU0lnWFFwMGFHVnVDaUFnWldOb2IyUmhkR1VnSWtaaGFXeGxaQ0IwYnlCblpYUWdTVkFnWVdSa2NtVnpjeUJtYjNJZ2RHaGxJR1JsWm1GMWJIUWdjbTkxZEdVZ2FXNTBaWEptWVdObElnb2dJR1Y0YVhRZ01RcG1hUW9LSXlCblpYUWdkR2hsSUdaMWJHd2dhRzl6ZEc1aGJXVUtSbFZNVEY5SVQxTlVUa0ZOUlQwa0tHaHZjM1J1WVcxbElDMW1LUW9qSUdsbUlDOWxkR012YUc5emRHNWhiV1VnYVhNZ2JtOTBJR1Z0Y0hSNUlIUm9aVzRnZFhObElIUm9aU0JvYjNOMGJtRnRaU0JtY205dElIUm9aWEpsQ21sbUlGc2dMWE1nTDJWMFl5OW9iM04wYm1GdFpTQmRPeUIwYUdWdUNpQWdSbFZNVEY5SVQxTlVUa0ZOUlQwa0tHTmhkQ0F2WlhSakwyaHZjM1J1WVcxbEtRcG1hUW9LSXlCM2NtbDBaU0IwYUdVZ2JtOWtaV2x3WDJWdWRpQm1hV3hsQ2lNZ2QyVWdibVZsWkNCMGFHVWdiR2x1WlNCaVpXeHZkeUJpWldOaGRYTmxJR1pzWVhSallYSWdhR0Z6SUhSb1pTQnpZVzFsSUhOMGNtbHVaeUFpWTI5eVpXOXpJaUJwYmlCMGFHRjBJR1pwYkdVS2FXWWdaM0psY0NBdGNTQmpiM0psYjNNZ0wyVjBZeTl2Y3kxeVpXeGxZWE5sQ25Sb1pXNEtJQ0JsWTJodklDSkxWVUpGVEVWVVgwNVBSRVZmU1ZBOUpIdEVSVVpCVlV4VVgwbEdRMTlKVUgxY2JrdFZRa1ZNUlZSZlNFOVRWRTVCVFVVOUpIdEdWVXhNWDBoUFUxUk9RVTFGZlNJZ1BpQXZaWFJqTDJ0MVltVnlibVYwWlhNdmJtOWtaV2x3TG1OdmJtWUtaV3hwWmlCYklDRWdMV1FnTDJWMFl5OXplWE4wWlcxa0wzTjVjM1JsYlM5cmRXSmxiR1YwTG5ObGNuWnBZMlV1WkNCZENuUm9aVzRLSUNCbFkyaHZaR0YwWlNBaVEyRnVKM1FnWm1sdVpDQnJkV0psYkdWMElITmxjblpwWTJVZ1pYaDBjbUZ6SUdScGNtVmpkRzl5ZVNJS0lDQmxlR2wwSURFS1pXeHpaUW9nSUdWamFHOGdMV1VnSWx0VFpYSjJhV05sWFZ4dVJXNTJhWEp2Ym0xbGJuUTlYQ0pMVlVKRlRFVlVYMDVQUkVWZlNWQTlKSHRFUlVaQlZVeFVYMGxHUTE5SlVIMWNJbHh1Ulc1MmFYSnZibTFsYm5ROVhDSkxWVUpGVEVWVVgwaFBVMVJPUVUxRlBTUjdSbFZNVEY5SVQxTlVUa0ZOUlgxY0lpSWdQaUF2WlhSakwzTjVjM1JsYldRdmMzbHpkR1Z0TDJ0MVltVnNaWFF1YzJWeWRtbGpaUzVrTDI1dlpHVnBjQzVqYjI1bUNtWnBDZz09CgotIHBhdGg6ICcvZXRjL2t1YmVybmV0ZXMvcGtpL2NhLmNydCcKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIExTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVVZYYWtORFFUQkxaMEYzU1VKQlowbEtRVXhtVW14WGMwazRXVkZJVFVFd1IwTlRjVWRUU1dJelJGRkZRa0pSVlVGTlNITjRRM3BCU2tKblRsWUtRa0ZaVkVGc1ZsUk5VWE4zUTFGWlJGWlJVVWxGZDBwRVVWUkZWMDFDVVVkQk1WVkZRbmhOVGxVeVJuVkpSVnA1V1ZjMWFtRllUbXBpZWtWVlRVSkpSd3BCTVZWRlEyaE5URkZ1U21oYVIxcHdaRWh3Y0dKdFRYaEZha0ZSUW1kT1ZrSkJUVlJEVjNoMldUSkdjMkZIT1hwa1JFVmtUVUp6UjBOVGNVZFRTV0l6Q2tSUlJVcEJVbGxQV1c1S2FGcEZRbXRaVnpWdVdWTTFhbUl5TUhkSWFHTk9UVlJSZDA1NlJURk5ha0V3VG1wQk1WZG9ZMDVOVkdOM1RsUkJNRTFxUVRBS1RtcEJNVmRxUWpkTlVYTjNRMUZaUkZaUlVVZEZkMHBXVlhwRlRFMUJhMGRCTVZWRlEwSk5RMUV3UlhoR2FrRlZRbWRPVmtKQlkxUkVWazVvWW1sQ1J3cGpiVVoxV1RKc2Vsa3lPSGhHUkVGVFFtZE9Wa0pCYjFSRE1FcDVXVmRTYldGWVVqWmhWelZxVFZKSmQwVkJXVVJXVVZGRVJYZHNjMkl5VG1oaVIyaDJDbU16VVhoSVZFRmlRbWRyY1docmFVYzVkekJDUTFGRlYwUnRTbmxaVjFKQldrZEdkVm95UlhWWk1qbDBUVWxKUWtscVFVNUNaMnR4YUd0cFJ6bDNNRUlLUVZGRlJrRkJUME5CVVRoQlRVbEpRa05uUzBOQlVVVkJkRFZtUVdwd05HWlVZMlZyVjFWVVpucHpjREJyZVdsb01VOVpZbk5IVERCTFdERmxVbUpUVXdwU09FOWtNQ3M1VVRZeVNIbHVlU3RIUm5kTlZHSTBRUzlMVlRodGMzTnZTSFpqWTJWVFFVRmlkMlppZUVaTEx5dHpOVEZVYjJKeFZXNVBVbHB5VDI5VUNscHFhMVY1WjJKNVdFUlRTems1V1VKaVkxSXhVR2x3T0haM1RWUnRORmhMZFV4MFEybG5aVUpDWkdwcVFWRmtaMVZQTWpoTVJVNUhiSE5OYm0xbFdXc0tTbVpQUkZaSGJsWnRjalZNZEdJNVFVNUJPRWxMZVZSbWMyNUlTalJwVDBOVEwxQnNVR0pWYWpKeE4xbHViMVpNY0c5elZVSk5iR2RWWWk5RGVXdFlNd3B0VDI5TVlqUjVTa3BSZVVFdmFWTlVObHA0YVVsRmFqTTJSRFI1VjFvMWJHYzNXVXBzSzFWcGFVSlJTRWREYmxCa1IzbHBjSEZXTURabGVEQm9aVmxYQ21OaGFWYzRURmRhVTFWUk9UTnFVU3RYVmtOSU9HaFVOMFJSVHpGa2JYTjJWVzFZYkhFdlNtVkJiSGRSTDFGSlJFRlJRVUp2TkVoblRVbElaRTFDTUVjS1FURlZaRVJuVVZkQ1FsSmpRVkpQZEdoVE5GQTBWVGQyVkdacVFubEROVFk1VWpkRk5rUkRRbkpSV1VSV1VqQnFRa2xIYkUxSlIybG5RbEpqUVZKUGRBcG9VelJRTkZVM2RsUm1ha0o1UXpVMk9WSTNSVFpMUmk5d1NEQjNaWHBGVEUxQmEwZEJNVlZGUW1oTlExWldUWGhEZWtGS1FtZE9Wa0pCWjFSQmEwNUNDazFTV1hkR1FWbEVWbEZSU0VWM01WUlpWelJuVW01S2FHSnRUbkJqTWs1MlRWSlJkMFZuV1VSV1VWRkxSWGQwUTJOdFJtdGFiV3d3Wlcxc2RWbDZSVk1LVFVKQlIwRXhWVVZCZUUxS1lrYzVhbGxYZUc5aU0wNHdUVkl3ZDBkM1dVcExiMXBKYUhaalRrRlJhMEpHWnpWcFkyMUdhMUZIVW1oaWJXUm9URzFPZGdwaVdVbEtRVXhtVW14WGMwazRXVkZJVFVGM1IwRXhWV1JGZDFGR1RVRk5Ra0ZtT0hkRVVWbEtTMjlhU1doMlkwNUJVVVZHUWxGQlJHZG5SVUpCUnpab0NsVTVaamx6VGtnd0x6WnZRbUpIUjNreVJWWlZNRlZuU1ZSVlVVbHlSbGR2T1hKR2EzSlhOV3N2V0d0RWFsRnRLek5zZW1wVU1HbEhValJKZUVVdlFXOEtaVlUyYzFGb2RXRTNkM0pYWlVaRmJqUTNSMHc1T0d4dVEzTktaRVEzYjFwT2FFWnRVVGsxVkdJdlRHNUVWV3B6TlZscU9XSnlVREJPVjNwWVpsbFZOQXBWU3pKYWJrbE9TbEpqU25CQ09HbFNRMkZEZUVVNFJHUmpWVVl3V0hGSlJYRTJjRUV5TnpKemJtOU1iV2xZVEUxMlRtd3phMWxGWkcwcmFtVTJkbTlFQ2pVNFUwNVdSVlZ6ZW5SNlVYbFliVXBGYUVOd2QxWkpNRUUyVVVOcWVsaHFLM0YyY0cxM00xcGFTR2s0U25kWVpXazRXbHBDVEZSVFJrSnJhVGhhTjI0S2MwZzVRa0pJTXpndlUzcFZiVUZPTkZGSVUxQjVNV2RxY1cwd01FOUJSVGhPWVZsRWEyZ3ZZbnBGTkdRM2JVeEhSMDFYY0M5WFJUTkxVRk4xT0RKSVJncHJVR1UyV0c5VFltbE1iUzlyZUdzek1sUXdQUW90TFMwdExVVk9SQ0JEUlZKVVNVWkpRMEZVUlMwdExTMHRDZz09CgotIHBhdGg6ICcvZXRjL3N5c3RlbWQvc3lzdGVtL3NldHVwLnNlcnZpY2UnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMGx1YzNSaGJHeGRDbGRoYm5SbFpFSjVQVzExYkhScExYVnpaWEl1ZEdGeVoyVjBDZ3BiVlc1cGRGMEtVbVZ4ZFdseVpYTTlibVYwZDI5eWF5MXZibXhwYm1VdWRHRnlaMlYwQ2tGbWRHVnlQVzVsZEhkdmNtc3RiMjVzYVc1bExuUmhjbWRsZEFvS1cxTmxjblpwWTJWZENsUjVjR1U5YjI1bGMyaHZkQXBTWlcxaGFXNUJablJsY2tWNGFYUTlkSEoxWlFwRmJuWnBjbTl1YldWdWRFWnBiR1U5TFM5bGRHTXZaVzUyYVhKdmJtMWxiblFLUlhobFkxTjBZWEowUFM5dmNIUXZZbWx1TDNOMWNHVnlkbWx6WlM1emFDQXZiM0IwTDJKcGJpOXpaWFIxY0FvPQoKLSBwYXRoOiAnL2V0Yy9wcm9maWxlLmQvb3B0LWJpbi1wYXRoLnNoJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgWlhod2IzSjBJRkJCVkVnOUlpOXZjSFF2WW1sdU9pUlFRVlJJSWdvPQoKLSBwYXRoOiAnL2V0Yy9rdWJlcm5ldGVzL2t1YmVsZXQuY29uZicKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIFlYQnBWbVZ5YzJsdmJqb2dhM1ZpWld4bGRDNWpiMjVtYVdjdWF6aHpMbWx2TDNZeFltVjBZVEVLYTJsdVpEb2dTM1ZpWld4bGRFTnZibVpwWjNWeVlYUnBiMjRLWVhWMGFHVnVkR2xqWVhScGIyNDZDaUFnWVc1dmJubHRiM1Z6T2dvZ0lDQWdaVzVoWW14bFpEb2dabUZzYzJVS0lDQjNaV0pvYjI5ck9nb2dJQ0FnWlc1aFlteGxaRG9nZEhKMVpRb2dJSGcxTURrNkNpQWdJQ0JqYkdsbGJuUkRRVVpwYkdVNklDOWxkR012YTNWaVpYSnVaWFJsY3k5d2Eya3ZZMkV1WTNKMENtRjFkR2h2Y21sNllYUnBiMjQ2Q2lBZ2JXOWtaVG9nVjJWaWFHOXZhd3BqWjNKdmRYQkVjbWwyWlhJNklITjVjM1JsYldRS1kyeDFjM1JsY2tST1V6b0tMU0FpTVRBdU1DNHdMakFpQ21Oc2RYTjBaWEpFYjIxaGFXNDZJR05zZFhOMFpYSXViRzlqWVd3S1kyOXVkR0ZwYm1WeVRHOW5UV0Y0VTJsNlpUb2dNVEF3VFdrS1kyOXVkR0ZwYm1WeVRHOW5UV0Y0Um1sc1pYTTZJRFVLWm1WaGRIVnlaVWRoZEdWek9nb2dJRWR5WVdObFpuVnNUbTlrWlZOb2RYUmtiM2R1T2lCMGNuVmxDaUFnU1dSbGJuUnBabmxRYjJSUFV6b2dabUZzYzJVS2NISnZkR1ZqZEV0bGNtNWxiRVJsWm1GMWJIUnpPaUIwY25WbENuSmxZV1JQYm14NVVHOXlkRG9nTUFweWIzUmhkR1ZEWlhKMGFXWnBZMkYwWlhNNklIUnlkV1VLYzJWeWRtVnlWRXhUUW05dmRITjBjbUZ3T2lCMGNuVmxDbk4wWVhScFkxQnZaRkJoZEdnNklDOWxkR012YTNWaVpYSnVaWFJsY3k5dFlXNXBabVZ6ZEhNS2EzVmlaVkpsYzJWeWRtVmtPZ29nSUdOd2RUb2dNakF3YlFvZ0lHVndhR1Z0WlhKaGJDMXpkRzl5WVdkbE9pQXhSMmtLSUNCdFpXMXZjbms2SURJd01FMXBDbk41YzNSbGJWSmxjMlZ5ZG1Wa09nb2dJR053ZFRvZ01qQXdiUW9nSUdWd2FHVnRaWEpoYkMxemRHOXlZV2RsT2lBeFIya0tJQ0J0WlcxdmNuazZJREl3TUUxcENtVjJhV04wYVc5dVNHRnlaRG9LSUNCcGJXRm5aV1p6TG1GMllXbHNZV0pzWlRvZ01UVWxDaUFnYldWdGIzSjVMbUYyWVdsc1lXSnNaVG9nTVRBd1RXa0tJQ0J1YjJSbFpuTXVZWFpoYVd4aFlteGxPaUF4TUNVS0lDQnViMlJsWm5NdWFXNXZaR1Z6Um5KbFpUb2dOU1VLZEd4elEybHdhR1Z5VTNWcGRHVnpPZ290SUZSTVUxOUJSVk5mTVRJNFgwZERUVjlUU0VFeU5UWUtMU0JVVEZOZlFVVlRYekkxTmw5SFEwMWZVMGhCTXpnMENpMGdWRXhUWDBOSVFVTklRVEl3WDFCUFRGa3hNekExWDFOSVFUSTFOZ290SUZSTVUxOUZRMFJJUlY5RlEwUlRRVjlYU1ZSSVgwRkZVMTh4TWpoZlIwTk5YMU5JUVRJMU5nb3RJRlJNVTE5RlEwUklSVjlGUTBSVFFWOVhTVlJJWDBGRlUxOHlOVFpmUjBOTlgxTklRVE00TkFvdElGUk1VMTlGUTBSSVJWOUZRMFJUUVY5WFNWUklYME5JUVVOSVFUSXdYMUJQVEZreE16QTFDaTBnVkV4VFgwVkRSRWhGWDFKVFFWOVhTVlJJWDBGRlUxOHhNamhmUjBOTlgxTklRVEkxTmdvdElGUk1VMTlGUTBSSVJWOVNVMEZmVjBsVVNGOUJSVk5mTWpVMlgwZERUVjlUU0VFek9EUUtMU0JVVEZOZlJVTkVTRVZmVWxOQlgxZEpWRWhmUTBoQlEwaEJNakJmVUU5TVdURXpNRFVLZG05c2RXMWxVR3gxWjJsdVJHbHlPaUF2ZG1GeUwyeHBZaTlyZFdKbGJHVjBMM1p2YkhWdFpYQnNkV2RwYm5NSwoKLSBwYXRoOiAnL2V0Yy9zeXN0ZW1kL3N5c3RlbS9rdWJlbGV0LWhlYWx0aGNoZWNrLnNlcnZpY2UnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMVZ1YVhSZENsSmxjWFZwY21WelBXdDFZbVZzWlhRdWMyVnlkbWxqWlFwQlpuUmxjajFyZFdKbGJHVjBMbk5sY25acFkyVUtDbHRUWlhKMmFXTmxYUXBGZUdWalUzUmhjblE5TDI5d2RDOWlhVzR2YUdWaGJIUm9MVzF2Ym1sMGIzSXVjMmdnYTNWaVpXeGxkQW9LVzBsdWMzUmhiR3hkQ2xkaGJuUmxaRUo1UFcxMWJIUnBMWFZ6WlhJdWRHRnlaMlYwQ2c9PQoKLSBwYXRoOiAnL29wdC9kaXNhYmxlLXN3YXAuc2gnCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2ZFhOeUwySnBiaTlsYm5ZZ1ltRnphQXB6WlhRZ0xXVjFieUJ3YVhCbFptRnBiQW9LSXlCTllXdGxJSE4xY21VZ2QyVWdZV3gzWVhseklHUnBjMkZpYkdVZ2MzZGhjQ0F0SUU5MGFHVnlkMmx6WlNCMGFHVWdhM1ZpWld4bGRDQjNiMjRuZENCemRHRnlkQ0JoY3lCbWIzSWdjMjl0WlNCamJHOTFaQW9qSUhCeWIzWnBaR1Z5Y3lCemQyRndJR2RsZEhNZ1pXNWhZbXhsWkNCdmJpQnlaV0p2YjNRZ2IzSWdZV1owWlhJZ2RHaGxJSE5sZEhWd0lITmpjbWx3ZENCb1lYTWdabWx1YVhOb1pXUWdaWGhsWTNWMGFXNW5MZ3B6WldRZ0xXa3ViM0pwWnlBbkx5NHFjM2RoY0M0cUwyUW5JQzlsZEdNdlpuTjBZV0lLYzNkaGNHOW1aaUF0WVFvPQoKLSBwYXRoOiAnL2V0Yy9jcmljdGwueWFtbCcKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgY29udGVudDogfC0KICAgIHJ1bnRpbWUtZW5kcG9pbnQ6IHVuaXg6Ly8vcnVuL2NvbnRhaW5lcmQvY29udGFpbmVyZC5zb2NrCiAgICAKCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9zeXN0ZW0vY29udGFpbmVyZC5zZXJ2aWNlLmQvZW52aXJvbm1lbnQuY29uZicKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgY29udGVudDogfC0KICAgIFtTZXJ2aWNlXQogICAgUmVzdGFydD1hbHdheXMKICAgIEVudmlyb25tZW50RmlsZT0tL2V0Yy9lbnZpcm9ubWVudAogICAgCgotIHBhdGg6ICcvZXRjL2NvbnRhaW5lcmQvY29uZmlnLnRvbWwnCiAgcGVybWlzc2lvbnM6ICcwNjAwJwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBkbVZ5YzJsdmJpQTlJRElLQ2x0dFpYUnlhV056WFFwaFpHUnlaWE56SUQwZ0lqRXlOeTR3TGpBdU1Ub3hNek00SWdvS1czQnNkV2RwYm5OZENsdHdiSFZuYVc1ekxpSnBieTVqYjI1MFlXbHVaWEprTG1keWNHTXVkakV1WTNKcElsMEtjMkZ1WkdKdmVGOXBiV0ZuWlNBOUlDSXhPVEl1TVRZNExqRXdNQzR4TURBNk5UQXdNQzlyZFdKbGNtNWxkR1Z6TDNCaGRYTmxPbll6TGpFaUNsdHdiSFZuYVc1ekxpSnBieTVqYjI1MFlXbHVaWEprTG1keWNHTXVkakV1WTNKcElpNWpiMjUwWVdsdVpYSmtYUXBiY0d4MVoybHVjeTRpYVc4dVkyOXVkR0ZwYm1WeVpDNW5jbkJqTG5ZeExtTnlhU0l1WTI5dWRHRnBibVZ5WkM1eWRXNTBhVzFsYzEwS1czQnNkV2RwYm5NdUltbHZMbU52Ym5SaGFXNWxjbVF1WjNKd1l5NTJNUzVqY21raUxtTnZiblJoYVc1bGNtUXVjblZ1ZEdsdFpYTXVjblZ1WTEwS2NuVnVkR2x0WlY5MGVYQmxJRDBnSW1sdkxtTnZiblJoYVc1bGNtUXVjblZ1WXk1Mk1pSUtXM0JzZFdkcGJuTXVJbWx2TG1OdmJuUmhhVzVsY21RdVozSndZeTUyTVM1amNta2lMbU52Ym5SaGFXNWxjbVF1Y25WdWRHbHRaWE11Y25WdVl5NXZjSFJwYjI1elhRcFRlWE4wWlcxa1EyZHliM1Z3SUQwZ2RISjFaUXBiY0d4MVoybHVjeTRpYVc4dVkyOXVkR0ZwYm1WeVpDNW5jbkJqTG5ZeExtTnlhU0l1Y21WbmFYTjBjbmxkQ2x0d2JIVm5hVzV6TGlKcGJ5NWpiMjUwWVdsdVpYSmtMbWR5Y0dNdWRqRXVZM0pwSWk1eVpXZHBjM1J5ZVM1dGFYSnliM0p6WFFwYmNHeDFaMmx1Y3k0aWFXOHVZMjl1ZEdGcGJtVnlaQzVuY25CakxuWXhMbU55YVNJdWNtVm5hWE4wY25rdWJXbHljbTl5Y3k0aVpHOWphMlZ5TG1sdklsMEtaVzVrY0c5cGJuUWdQU0JiSW1oMGRIQnpPaTh2Y21WbmFYTjBjbmt1Wkc5amEyVnlMV051TG1OdmJTSmRDbHR3YkhWbmFXNXpMaUpwYnk1amIyNTBZV2x1WlhKa0xtZHljR011ZGpFdVkzSnBJaTV5WldkcGMzUnllUzVqYjI1bWFXZHpYUXBiY0d4MVoybHVjeTRpYVc4dVkyOXVkR0ZwYm1WeVpDNW5jbkJqTG5ZeExtTnlhU0l1Y21WbmFYTjBjbmt1WTI5dVptbG5jeTRpTVRBdU1DNHdMakU2TlRBd01DSmRDbHR3YkhWbmFXNXpMaUpwYnk1amIyNTBZV2x1WlhKa0xtZHljR011ZGpFdVkzSnBJaTV5WldkcGMzUnllUzVqYjI1bWFXZHpMaUl4TUM0d0xqQXVNVG8xTURBd0lpNTBiSE5kQ21sdWMyVmpkWEpsWDNOcmFYQmZkbVZ5YVdaNUlEMGdkSEoxWlFwYmNHeDFaMmx1Y3k0aWFXOHVZMjl1ZEdGcGJtVnlaQzVuY25CakxuWXhMbU55YVNJdWNtVm5hWE4wY25rdVkyOXVabWxuY3k0aU1Ua3lMakUyT0M0eE1EQXVNVEF3T2pVd01EQWlYUXBiY0d4MVoybHVjeTRpYVc4dVkyOXVkR0ZwYm1WeVpDNW5jbkJqTG5ZeExtTnlhU0l1Y21WbmFYTjBjbmt1WTI5dVptbG5jeTRpTVRreUxqRTJPQzR4TURBdU1UQXdPalV3TURBaUxuUnNjMTBLYVc1elpXTjFjbVZmYzJ0cGNGOTJaWEpwWm5rZ1BTQjBjblZsQ2dvPQoKcmhfc3Vic2NyaXB0aW9uOgogICAgYXV0by1hdHRhY2g6IGZhbHNlCiAgICBwYXNzd29yZDogCiAgICB1c2VybmFtZTogCgp5dW1fcmVwb3M6CiAgICBjbG91ZC1pbml0LWRhaWx5OgogICAgICAgYmFzZXVybDogaHR0cHM6Ly9rOGMuaW8vb3NtCiAgICAgICBlbmFibGVkX21ldGFkYXRhOiAxCiAgICAgICBncGdjaGVjazogdHJ1ZQogICAgICAgZ3Bna2V5OiBodHRwczovL2s4Yy5pby9vc20vcHVia2V5LmdwZwogICAgICAgbmFtZTogdGVzdCBjbG91ZC1pbml0IHl1bSByZXBvcwogICAgICAgc2tpcF9pZl91bmF2YWlsYWJsZTogdHJ1ZQogICAgICAgdHlwZTogcnBtLW1kCgp5dW1fcmVwb19kaXI6IC9zdG9yZS9jdXN0b20veXVtLnJlcG9zLmQ= +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: osp-rhel-aws-kube-system-provisioning-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-rhel-8.x-azure-containerd-bootstrap.yaml b/pkg/controllers/osc/testdata/secret-rhel-8.x-azure-containerd-bootstrap.yaml index e69de29b..74176fdd 100644 --- a/pkg/controllers/osc/testdata/secret-rhel-8.x-azure-containerd-bootstrap.yaml +++ b/pkg/controllers/osc/testdata/secret-rhel-8.x-azure-containerd-bootstrap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: I2Nsb3VkLWNvbmZpZwpob3N0bmFtZTogPE1BQ0hJTkVfTkFNRT4KCnNzaF9wd2F1dGg6IG5vCnNzaF9hdXRob3JpemVkX2tleXM6Ci0gJ3NzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQ0FRRGRPSWhZbXpDSzVEU1ZMdTNjJwp3cml0ZV9maWxlczoKLSBwYXRoOiAnL29wdC9iaW4vYm9vdHN0cmFwJwogIHBlcm1pc3Npb25zOiAnMDc1NScKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdlltbHVMMkpoYzJnS2MyVjBJQzE0WlhWdklIQnBjR1ZtWVdsc0NncDVkVzBnYVc1emRHRnNiQ0F0ZVNCamRYSnNJR3B4Q2dwamRYSnNJQzF6SUMxcklDMTJJQzB0YUdWaFpHVnlJQ2RCZFhSb2IzSnBlbUYwYVc5dU9pQkNaV0Z5WlhJZ2RHOXdMWE5sWTNKbGRDY2dhSFIwY0hNNkx5OW1iMjh1WW1GeU9qWTBORE12WVhCcEwzWXhMMjVoYldWemNHRmpaWE12WTJ4dmRXUXRhVzVwZEMxelpYUjBhVzVuY3k5elpXTnlaWFJ6TDI5emNDMXlhR1ZzTFdGNmRYSmxMV3QxWW1VdGMzbHpkR1Z0TFhCeWIzWnBjMmx2Ym1sdVp5MWpiMjVtYVdjZ2ZDQnFjU0FuTG1SaGRHRmJJbU5zYjNWa0xXTnZibVpwWnlKZEp5QXRjbndnWW1GelpUWTBJQzFrSUQ0Z0wyVjBZeTlqYkc5MVpDOWpiRzkxWkM1alptY3VaQzl2YzNBdGNtaGxiQzFoZW5WeVpTMXJkV0psTFhONWMzUmxiUzF3Y205MmFYTnBiMjVwYm1jdFkyOXVabWxuTG1ObVp3cGpiRzkxWkMxcGJtbDBJR05zWldGdUNtTnNiM1ZrTFdsdWFYUWdMUzFtYVd4bElDOWxkR012WTJ4dmRXUXZZMnh2ZFdRdVkyWm5MbVF2YjNOd0xYSm9aV3d0WVhwMWNtVXRhM1ZpWlMxemVYTjBaVzB0Y0hKdmRtbHphVzl1YVc1bkxXTnZibVpwWnk1alptY2dhVzVwZEFwemVYTjBaVzFqZEd3Z1pHRmxiVzl1TFhKbGJHOWhaQXB6ZVhOMFpXMWpkR3dnY21WemRHRnlkQ0J6WlhSMWNDNXpaWEoyYVdObENnPT0KCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9zeXN0ZW0vYm9vdHN0cmFwLnNlcnZpY2UnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2WW1sdUwySmhjMmdLVzBsdWMzUmhiR3hkQ2xkaGJuUmxaRUo1UFcxMWJIUnBMWFZ6WlhJdWRHRnlaMlYwQ2dwYlZXNXBkRjBLVW1WeGRXbHlaWE05Ym1WMGQyOXlheTF2Ym14cGJtVXVkR0Z5WjJWMENrRm1kR1Z5UFc1bGRIZHZjbXN0YjI1c2FXNWxMblJoY21kbGRBcGJVMlZ5ZG1salpWMEtWSGx3WlQxdmJtVnphRzkwQ2xKbGJXRnBia0ZtZEdWeVJYaHBkRDEwY25WbENrVjRaV05UZEdGeWREMHZiM0IwTDJKcGJpOWliMjkwYzNSeVlYQUsKCnJ1bmNtZDoKLSBzeXN0ZW1jdGwgcmVzdGFydCBib290c3RyYXAuc2VydmljZQotIHN5c3RlbWN0bCBkYWVtb24tcmVsb2FkCgpyaF9zdWJzY3JpcHRpb246CiAgICBhdXRvLWF0dGFjaDogZmFsc2UKICAgIHBhc3N3b3JkOiAKICAgIHVzZXJuYW1lOiAK +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: osp-rhel-azure-kube-system-bootstrap-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-rhel-8.x-azure-containerd-provisioning.yaml b/pkg/controllers/osc/testdata/secret-rhel-8.x-azure-containerd-provisioning.yaml index e69de29b..52174734 100644 --- a/pkg/controllers/osc/testdata/secret-rhel-8.x-azure-containerd-provisioning.yaml +++ b/pkg/controllers/osc/testdata/secret-rhel-8.x-azure-containerd-provisioning.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: I2Nsb3VkLWNvbmZpZwpob3N0bmFtZTogPE1BQ0hJTkVfTkFNRT4KCnNzaF9wd2F1dGg6IG5vCnNzaF9hdXRob3JpemVkX2tleXM6Ci0gJ3NzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQ0FRRGRPSWhZbXpDSzVEU1ZMdTNjJwp3cml0ZV9maWxlczoKLSBwYXRoOiAnL29wdC9iaW4vaGVhbHRoLW1vbml0b3Iuc2gnCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2ZFhOeUwySnBiaTlsYm5ZZ1ltRnphQW9LSXlCRGIzQjVjbWxuYUhRZ01qQXhOaUJVYUdVZ1MzVmlaWEp1WlhSbGN5QkJkWFJvYjNKekxnb2pDaU1nVEdsalpXNXpaV1FnZFc1a1pYSWdkR2hsSUVGd1lXTm9aU0JNYVdObGJuTmxMQ0JXWlhKemFXOXVJREl1TUNBb2RHaGxJQ0pNYVdObGJuTmxJaWs3Q2lNZ2VXOTFJRzFoZVNCdWIzUWdkWE5sSUhSb2FYTWdabWxzWlNCbGVHTmxjSFFnYVc0Z1kyOXRjR3hwWVc1alpTQjNhWFJvSUhSb1pTQk1hV05sYm5ObExnb2pJRmx2ZFNCdFlYa2diMkowWVdsdUlHRWdZMjl3ZVNCdlppQjBhR1VnVEdsalpXNXpaU0JoZEFvakNpTWdJQ0FnSUdoMGRIQTZMeTkzZDNjdVlYQmhZMmhsTG05eVp5OXNhV05sYm5ObGN5OU1TVU5GVGxORkxUSXVNQW9qQ2lNZ1ZXNXNaWE56SUhKbGNYVnBjbVZrSUdKNUlHRndjR3hwWTJGaWJHVWdiR0YzSUc5eUlHRm5jbVZsWkNCMGJ5QnBiaUIzY21sMGFXNW5MQ0J6YjJaMGQyRnlaUW9qSUdScGMzUnlhV0oxZEdWa0lIVnVaR1Z5SUhSb1pTQk1hV05sYm5ObElHbHpJR1JwYzNSeWFXSjFkR1ZrSUc5dUlHRnVJQ0pCVXlCSlV5SWdRa0ZUU1ZNc0NpTWdWMGxVU0U5VlZDQlhRVkpTUVU1VVNVVlRJRTlTSUVOUFRrUkpWRWxQVGxNZ1QwWWdRVTVaSUV0SlRrUXNJR1ZwZEdobGNpQmxlSEJ5WlhOeklHOXlJR2x0Y0d4cFpXUXVDaU1nVTJWbElIUm9aU0JNYVdObGJuTmxJR1p2Y2lCMGFHVWdjM0JsWTJsbWFXTWdiR0Z1WjNWaFoyVWdaMjkyWlhKdWFXNW5JSEJsY20xcGMzTnBiMjV6SUdGdVpBb2pJR3hwYldsMFlYUnBiMjV6SUhWdVpHVnlJSFJvWlNCTWFXTmxibk5sTGdvS0l5QlVhR2x6SUhOamNtbHdkQ0JwY3lCbWIzSWdiV0Z6ZEdWeUlHRnVaQ0J1YjJSbElHbHVjM1JoYm1ObElHaGxZV3gwYUNCdGIyNXBkRzl5YVc1bkxDQjNhR2xqYUNCcGN3b2pJSEJoWTJ0bFpDQnBiaUJyZFdKbExXMWhibWxtWlhOMElIUmhjbUpoYkd3dUlFbDBJR2x6SUdWNFpXTjFkR1ZrSUhSb2NtOTFaMmdnWVNCemVYTjBaVzFrSUhObGNuWnBZMlVLSXlCcGJpQmpiSFZ6ZEdWeUwyZGpaUzluWTJrdlBHMWhjM1JsY2k5dWIyUmxQaTU1WVcxc0xpQlVhR1VnWlc1MklIWmhjbWxoWW14bGN5QmpiMjFsSUdaeWIyMGdZVzRnWlc1MkNpTWdabWxzWlNCd2NtOTJhV1JsWkNCaWVTQjBhR1VnYzNsemRHVnRaQ0J6WlhKMmFXTmxMZ29LSXlCVWFHbHpJSE5qY21sd2RDQnBjeUJoSUhOc2FXZG9kR3g1SUdGa2FuVnpkR1ZrSUhabGNuTnBiMjRnYjJZS0l5Qm9kSFJ3Y3pvdkwyZHBkR2gxWWk1amIyMHZhM1ZpWlhKdVpYUmxjeTlyZFdKbGNtNWxkR1Z6TDJKc2IySXZaVEZoTVdGaE1qRXhNakkwWm1Oa09XSXlNVE0wTWpCaU9EQmlNbUZsTmpnd05qWTVOamd6WkM5amJIVnpkR1Z5TDJkalpTOW5ZMmt2YUdWaGJIUm9MVzF2Ym1sMGIzSXVjMmdLSXlCQlpHcDFjM1J0Wlc1MGN5QmhjbVU2Q2lNZ0tpQkxkV0psYkdWMElHaGxZV3gwYUNCd2IzSjBJR2x6SURFd01qUTRJRzV2ZENBeE1ESTFOUW9qSUNvZ1VtVnRiM1poYkNCdlppQmhiR3dnWVd4c0lISmxabVZ5Wlc1alpYTWdkRzhnZEdobElFdFZRa1ZmUlU1V0lHWnBiR1VLQ25ObGRDQXRieUJ1YjNWdWMyVjBDbk5sZENBdGJ5QndhWEJsWm1GcGJBb0tJeUJYWlNCemFXMXdiSGtnYTJsc2JDQjBhR1VnY0hKdlkyVnpjeUIzYUdWdUlIUm9aWEpsSUdseklHRWdabUZwYkhWeVpTNGdRVzV2ZEdobGNpQnplWE4wWlcxa0lITmxjblpwWTJVZ2QybHNiQW9qSUdGMWRHOXRZWFJwWTJGc2JIa2djbVZ6ZEdGeWRDQjBhR1VnY0hKdlkyVnpjeTRLWm5WdVkzUnBiMjRnWTI5dWRHRnBibVZ5WDNKMWJuUnBiV1ZmYlc5dWFYUnZjbWx1WnlncElIc0tJQ0JzYjJOaGJDQXRjaUJ0WVhoZllYUjBaVzF3ZEhNOU5Rb2dJR3h2WTJGc0lHRjBkR1Z0Y0hROU1Rb2dJR3h2WTJGc0lDMXlJR052Ym5SaGFXNWxjbDl5ZFc1MGFXMWxYMjVoYldVOUlpUjdRMDlPVkVGSlRrVlNYMUpWVGxSSlRVVmZUa0ZOUlRvdFpHOWphMlZ5ZlNJS0lDQWpJRmRsSUhOMGFXeHNJRzVsWldRZ2RHOGdkWE5sSUNka2IyTnJaWElnY0hNbklIZG9aVzRnWTI5dWRHRnBibVZ5SUhKMWJuUnBiV1VnYVhNZ0ltUnZZMnRsY2lJdUlGUm9hWE1nYVhNZ1ltVmpZWFZ6WlFvZ0lDTWdaRzlqYTJWeWMyaHBiU0JwY3lCemRHbHNiQ0J3WVhKMElHOW1JR3QxWW1Wc1pYUWdkRzlrWVhrdUlGZG9aVzRnYTNWaVpXeGxkQ0JwY3lCa2IzZHVMQ0JqY21samRHd2djRzlrY3dvZ0lDTWdkMmxzYkNCaGJITnZJR1poYVd3c0lHRnVaQ0JrYjJOclpYSWdkMmxzYkNCaVpTQnJhV3hzWldRdUlGUm9hWE1nYVhNZ2RXNWtaWE5wY21GaWJHVWdaWE53WldOcFlXeHNlU0IzYUdWdUNpQWdJeUJrYjJOclpYSWdiR2wyWlNCeVpYTjBiM0psSUdseklHUnBjMkZpYkdWa0xnb2dJR3h2WTJGc0lHaGxZV3gwYUdOb1pXTnJYMk52YlcxaGJtUTlJbVJ2WTJ0bGNpQndjeUlLSUNCcFppQmJXeUFpSkh0RFQwNVVRVWxPUlZKZlVsVk9WRWxOUlRvdFpHOWphMlZ5ZlNJZ0lUMGdJbVJ2WTJ0bGNpSWdYVjA3SUhSb1pXNEtJQ0FnSUdobFlXeDBhR05vWldOclgyTnZiVzFoYm1ROUltTnlhV04wYkNCd2IyUnpJZ29nSUdacENpQWdJeUJEYjI1MFlXbHVaWElnY25WdWRHbHRaU0J6ZEdGeWRIVndJSFJoYTJWeklIUnBiV1V1SUUxaGEyVWdhVzVwZEdsaGJDQmhkSFJsYlhCMGN5QmlaV1p2Y21VZ2MzUmhjblJwYm1jS0lDQWpJR3RwYkd4cGJtY2dkR2hsSUdOdmJuUmhhVzVsY2lCeWRXNTBhVzFsTGdvZ0lIVnVkR2xzSUhScGJXVnZkWFFnTmpBZ0pIdG9aV0ZzZEdoamFHVmphMTlqYjIxdFlXNWtmU0ErSUM5a1pYWXZiblZzYkRzZ1pHOEtJQ0FnSUdsbUlDZ29ZWFIwWlcxd2RDQTlQU0J0WVhoZllYUjBaVzF3ZEhNcEtUc2dkR2hsYmdvZ0lDQWdJQ0JsWTJodklDSk5ZWGdnWVhSMFpXMXdkQ0FrZTIxaGVGOWhkSFJsYlhCMGMzMGdjbVZoWTJobFpDRWdVSEp2WTJWbFpHbHVaeUIwYnlCdGIyNXBkRzl5SUdOdmJuUmhhVzVsY2lCeWRXNTBhVzFsSUdobFlXeDBhR2x1WlhOekxpSUtJQ0FnSUNBZ1luSmxZV3NLSUNBZ0lHWnBDaUFnSUNCbFkyaHZJQ0lrWVhSMFpXMXdkQ0JwYm1sMGFXRnNJR0YwZEdWdGNIUWdYQ0lrZTJobFlXeDBhR05vWldOclgyTnZiVzFoYm1SOVhDSWhJRlJ5ZVdsdVp5QmhaMkZwYmlCcGJpQWtZWFIwWlcxd2RDQnpaV052Ym1SekxpNHVJZ29nSUNBZ2MyeGxaWEFnSWlRb0tESWdLaW9nWVhSMFpXMXdkQ3NyS1NraUNpQWdaRzl1WlFvZ0lIZG9hV3hsSUhSeWRXVTdJR1J2Q2lBZ0lDQnBaaUFoSUhScGJXVnZkWFFnTmpBZ0pIdG9aV0ZzZEdoamFHVmphMTlqYjIxdFlXNWtmU0ErSUM5a1pYWXZiblZzYkRzZ2RHaGxiZ29nSUNBZ0lDQmxZMmh2SUNKRGIyNTBZV2x1WlhJZ2NuVnVkR2x0WlNBa2UyTnZiblJoYVc1bGNsOXlkVzUwYVcxbFgyNWhiV1Y5SUdaaGFXeGxaQ0VpQ2lBZ0lDQWdJR2xtSUZ0YklDSWtZMjl1ZEdGcGJtVnlYM0oxYm5ScGJXVmZibUZ0WlNJZ1BUMGdJbVJ2WTJ0bGNpSWdYVjA3SUhSb1pXNEtJQ0FnSUNBZ0lDQWpJRVIxYlhBZ2MzUmhZMnNnYjJZZ1pHOWphMlZ5SUdSaFpXMXZiaUJtYjNJZ2FXNTJaWE4wYVdkaGRHbHZiaTRLSUNBZ0lDQWdJQ0FqSUV4dlp5Qm1hV3hsSUc1aGJXVWdiRzl2YTNNZ2JHbHJaU0JuYjNKdmRYUnBibVV0YzNSaFkydHpMVlJKVFVWVFZFRk5VQ0JoYm1RZ2QybHNiQ0JpWlNCellYWmxaQ0IwYndvZ0lDQWdJQ0FnSUNNZ2RHaGxJR1Y0WldNZ2NtOXZkQ0JrYVhKbFkzUnZjbmtzSUhkb2FXTm9JR2x6SUM5MllYSXZjblZ1TDJSdlkydGxjaThnYjI0Z1ZXSjFiblIxSUdGdVpDQkRUMU11Q2lBZ0lDQWdJQ0FnY0d0cGJHd2dMVk5KUjFWVFVqRWdaRzlqYTJWeVpBb2dJQ0FnSUNCbWFRb2dJQ0FnSUNCemVYTjBaVzFqZEd3Z2EybHNiQ0F0TFd0cGJHd3RkMmh2UFcxaGFXNGdJaVI3WTI5dWRHRnBibVZ5WDNKMWJuUnBiV1ZmYm1GdFpYMGlDaUFnSUNBZ0lDTWdWMkZwZENCbWIzSWdZU0IzYUdsc1pTd2dZWE1nZDJVZ1pHOXVKM1FnZDJGdWRDQjBieUJyYVd4c0lHbDBJR0ZuWVdsdUlHSmxabTl5WlNCcGRDQnBjeUJ5WldGc2JIa2dkWEF1Q2lBZ0lDQWdJSE5zWldWd0lERXlNQW9nSUNBZ1pXeHpaUW9nSUNBZ0lDQnpiR1ZsY0NBaUpIdFRURVZGVUY5VFJVTlBUa1JUZlNJS0lDQWdJR1pwQ2lBZ1pHOXVaUXA5Q2dwbWRXNWpkR2x2YmlCcmRXSmxiR1YwWDIxdmJtbDBiM0pwYm1jb0tTQjdDaUFnWldOb2J5QWlWMkZwZENCbWIzSWdNaUJ0YVc1MWRHVnpJR1p2Y2lCcmRXSmxiR1YwSUhSdklHSmxJR1oxYm1OMGFXOXVZV3dpQ2lBZ2MyeGxaWEFnTVRJd0NpQWdiRzlqWVd3Z0xYSWdiV0Y0WDNObFkyOXVaSE05TVRBS0lDQnNiMk5oYkNCdmRYUndkWFE5SWlJS0lDQjNhR2xzWlNCMGNuVmxPeUJrYndvZ0lDQWdiRzlqWVd3Z1ptRnBiR1ZrUFdaaGJITmxDZ29nSUNBZ2FXWWdhbTkxY201aGJHTjBiQ0F0ZFNCcmRXSmxiR1YwSUMxdUlERWdmQ0JuY21Wd0lDMXhJQ0oxYzJVZ2IyWWdZMnh2YzJWa0lHNWxkSGR2Y21zZ1kyOXVibVZqZEdsdmJpSTdJSFJvWlc0S0lDQWdJQ0FnWm1GcGJHVmtQWFJ5ZFdVS0lDQWdJQ0FnWldOb2J5QWlTM1ZpWld4bGRDQnpkRzl3Y0dWa0lIQnZjM1JwYm1jZ2JtOWtaU0J6ZEdGMGRYTXVJRkpsYzNSaGNuUnBibWNpQ2lBZ0lDQmxiR2xtSUNFZ2IzVjBjSFYwUFNRb1kzVnliQ0F0YlNBaUpIdHRZWGhmYzJWamIyNWtjMzBpSUMxbUlDMXpJQzFUSUdoMGRIQTZMeTh4TWpjdU1DNHdMakU2TVRBeU5EZ3ZhR1ZoYkhSb2VpQXlQaVl4S1RzZ2RHaGxiZ29nSUNBZ0lDQm1ZV2xzWldROWRISjFaUW9nSUNBZ0lDQWpJRkJ5YVc1MElIUm9aU0J5WlhOd2IyNXpaU0JoYm1RdmIzSWdaWEp5YjNKekxnb2dJQ0FnSUNCbFkyaHZJQ0lrYjNWMGNIVjBJZ29nSUNBZ1pta0tDaUFnSUNCcFppQmJXeUFpSkdaaGFXeGxaQ0lnUFQwZ0luUnlkV1VpSUYxZE95QjBhR1Z1Q2lBZ0lDQWdJR1ZqYUc4Z0lrdDFZbVZzWlhRZ2FYTWdkVzVvWldGc2RHaDVJU0lLSUNBZ0lDQWdjM2x6ZEdWdFkzUnNJR3RwYkd3Z2EzVmlaV3hsZEFvZ0lDQWdJQ0FqSUZkaGFYUWdabTl5SUdFZ2QyaHBiR1VzSUdGeklIZGxJR1J2YmlkMElIZGhiblFnZEc4Z2EybHNiQ0JwZENCaFoyRnBiaUJpWldadmNtVWdhWFFnYVhNZ2NtVmhiR3g1SUhWd0xnb2dJQ0FnSUNCemJHVmxjQ0EyTUFvZ0lDQWdaV3h6WlFvZ0lDQWdJQ0J6YkdWbGNDQWlKSHRUVEVWRlVGOVRSVU5QVGtSVGZTSUtJQ0FnSUdacENpQWdaRzl1WlFwOUNnb2pJeU1qSXlNakl5TWpJeU1qSXlCTllXbHVJRVoxYm1OMGFXOXVJQ01qSXlNakl5TWpJeU1qSXlNakl5TUthV1lnVzFzZ0lpUWpJaUF0Ym1VZ01TQmRYVHNnZEdobGJnb2dJR1ZqYUc4Z0lsVnpZV2RsT2lCb1pXRnNkR2d0Ylc5dWFYUnZjaTV6YUNBOFkyOXVkR0ZwYm1WeUxYSjFiblJwYldVdmEzVmlaV3hsZEQ0aUNpQWdaWGhwZENBeENtWnBDZ3BUVEVWRlVGOVRSVU5QVGtSVFBURXdDbU52YlhCdmJtVnVkRDBrTVFwbFkyaHZJQ0pUZEdGeWRDQnJkV0psY201bGRHVnpJR2hsWVd4MGFDQnRiMjVwZEc5eWFXNW5JR1p2Y2lBa2UyTnZiWEJ2Ym1WdWRIMGlDbWxtSUZ0YklDSWtlMk52YlhCdmJtVnVkSDBpSUQwOUlDSmpiMjUwWVdsdVpYSXRjblZ1ZEdsdFpTSWdYVjA3SUhSb1pXNEtJQ0JqYjI1MFlXbHVaWEpmY25WdWRHbHRaVjl0YjI1cGRHOXlhVzVuQ21Wc2FXWWdXMXNnSWlSN1kyOXRjRzl1Wlc1MGZTSWdQVDBnSW10MVltVnNaWFFpSUYxZE95QjBhR1Z1Q2lBZ2EzVmlaV3hsZEY5dGIyNXBkRzl5YVc1bkNtVnNjMlVLSUNCbFkyaHZJQ0pJWldGc2RHZ2diVzl1YVhSdmNtbHVaeUJtYjNJZ1kyOXRjRzl1Wlc1MElDUjdZMjl0Y0c5dVpXNTBmU0JwY3lCdWIzUWdjM1Z3Y0c5eWRHVmtJU0lLWm1rSwoKLSBwYXRoOiAnL2V0Yy9zeXN0ZW1kL2pvdXJuYWxkLmNvbmYuZC9tYXhfZGlza191c2UuY29uZicKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIFcwcHZkWEp1WVd4ZENsTjVjM1JsYlUxaGVGVnpaVDAxUndvPQoKLSBwYXRoOiAnL29wdC9sb2FkLWtlcm5lbC1tb2R1bGVzLnNoJwogIHBlcm1pc3Npb25zOiAnMDc1NScKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdmRYTnlMMkpwYmk5bGJuWWdZbUZ6YUFwelpYUWdMV1YxYnlCd2FYQmxabUZwYkFvS2JXOWtjSEp2WW1VZ2FYQmZkR0ZpYkdWekNtMXZaSEJ5YjJKbElHbHdYM1p6Q20xdlpIQnliMkpsSUdsd1gzWnpYM0p5Q20xdlpIQnliMkpsSUdsd1gzWnpYM2R5Y2dwdGIyUndjbTlpWlNCcGNGOTJjMTl6YUFvS2FXWWdiVzlrYVc1bWJ5QnVabDlqYjI1dWRISmhZMnRmYVhCMk5DQW1QaUF2WkdWMkwyNTFiR3c3SUhSb1pXNEtJQ0J0YjJSd2NtOWlaU0J1Wmw5amIyNXVkSEpoWTJ0ZmFYQjJOQXBsYkhObENpQWdiVzlrY0hKdlltVWdibVpmWTI5dWJuUnlZV05yQ21acENnPT0KCi0gcGF0aDogJy9ldGMvc3lzY3RsLmQvazhzLmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBibVYwTG1KeWFXUm5aUzVpY21sa1oyVXRibVl0WTJGc2JDMXBjRFowWVdKc1pYTWdQU0F4Q201bGRDNWljbWxrWjJVdVluSnBaR2RsTFc1bUxXTmhiR3d0YVhCMFlXSnNaWE1nUFNBeENtdGxjbTVsYkM1d1lXNXBZMTl2Ymw5dmIzQnpJRDBnTVFwclpYSnVaV3d1Y0dGdWFXTWdQU0F4TUFwdVpYUXVhWEIyTkM1cGNGOW1iM0ozWVhKa0lEMGdNUXAyYlM1dmRtVnlZMjl0YldsMFgyMWxiVzl5ZVNBOUlERUtabk11YVc1dmRHbG1lUzV0WVhoZmRYTmxjbDkzWVhSamFHVnpJRDBnTVRBME9EVTNOZ3BtY3k1cGJtOTBhV1o1TG0xaGVGOTFjMlZ5WDJsdWMzUmhibU5sY3lBOUlEZ3hPVElLCgotIHBhdGg6ICcvZXRjL3NlbGludXgvY29uZmlnJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlCVWFHbHpJR1pwYkdVZ1kyOXVkSEp2YkhNZ2RHaGxJSE4wWVhSbElHOW1JRk5GVEdsdWRYZ2diMjRnZEdobElITjVjM1JsYlM0S0l5QlRSVXhKVGxWWVBTQmpZVzRnZEdGclpTQnZibVVnYjJZZ2RHaGxjMlVnZEdoeVpXVWdkbUZzZFdWek9nb2pJQ0FnSUNCbGJtWnZjbU5wYm1jZ0xTQlRSVXhwYm5WNElITmxZM1Z5YVhSNUlIQnZiR2xqZVNCcGN5QmxibVp2Y21ObFpDNEtJeUFnSUNBZ2NHVnliV2x6YzJsMlpTQXRJRk5GVEdsdWRYZ2djSEpwYm5SeklIZGhjbTVwYm1keklHbHVjM1JsWVdRZ2IyWWdaVzVtYjNKamFXNW5MZ29qSUNBZ0lDQmthWE5oWW14bFpDQXRJRTV2SUZORlRHbHVkWGdnY0c5c2FXTjVJR2x6SUd4dllXUmxaQzRLVTBWTVNVNVZXRDF3WlhKdGFYTnphWFpsQ2lNZ1UwVk1TVTVWV0ZSWlVFVTlJR05oYmlCMFlXdGxJRzl1WlNCdlppQjBhSEpsWlNCMGQyOGdkbUZzZFdWek9nb2pJQ0FnSUNCMFlYSm5aWFJsWkNBdElGUmhjbWRsZEdWa0lIQnliMk5sYzNObGN5QmhjbVVnY0hKdmRHVmpkR1ZrTEFvaklDQWdJQ0J0YVc1cGJYVnRJQzBnVFc5a2FXWnBZMkYwYVc5dUlHOW1JSFJoY21kbGRHVmtJSEJ2YkdsamVTNGdUMjVzZVNCelpXeGxZM1JsWkNCd2NtOWpaWE56WlhNZ1lYSmxJSEJ5YjNSbFkzUmxaQzRLSXlBZ0lDQWdiV3h6SUMwZ1RYVnNkR2tnVEdWMlpXd2dVMlZqZFhKcGRIa2djSEp2ZEdWamRHbHZiaTRLVTBWTVNVNVZXRlJaVUVVOWRHRnlaMlYwWldRSwoKLSBwYXRoOiAnL29wdC9iaW4vc2V0dXAnCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2WW1sdUwySmhjMmdLYzJWMElDMTRaWFZ2SUhCcGNHVm1ZV2xzQ2dwelpYUmxibVp2Y21ObElEQWdmSHdnZEhKMVpRcHplWE4wWlcxamRHd2djbVZ6ZEdGeWRDQnplWE4wWlcxa0xXMXZaSFZzWlhNdGJHOWhaQzV6WlhKMmFXTmxDbk41YzJOMGJDQXRMWE41YzNSbGJRb0tlWFZ0SUdsdWMzUmhiR3dnTFhrZ1hBb2dJR1JsZG1salpTMXRZWEJ3WlhJdGNHVnljMmx6ZEdWdWRDMWtZWFJoSUZ3S0lDQnNkbTB5SUZ3S0lDQmxZblJoWW14bGN5QmNDaUFnWlhSb2RHOXZiQ0JjQ2lBZ2JtWnpMWFYwYVd4eklGd0tJQ0JpWVhOb0xXTnZiWEJzWlhScGIyNGdYQW9nSUhOMVpHOGdYQW9nSUhOdlkyRjBJRndLSUNCM1oyVjBJRndLSUNCamRYSnNJRndLSUNCcGNIWnpZV1J0Q2dwemVYTjBaVzFqZEd3Z1pHbHpZV0pzWlNBdExXNXZkeUJtYVhKbGQyRnNiR1FnZkh3Z2RISjFaUXA1ZFcwZ2FXNXpkR0ZzYkNBdGVTQjVkVzB0ZFhScGJITUtlWFZ0TFdOdmJtWnBaeTF0WVc1aFoyVnlJQzB0WVdSa0xYSmxjRzg5YUhSMGNITTZMeTlrYjNkdWJHOWhaQzVrYjJOclpYSXVZMjl0TDJ4cGJuVjRMMk5sYm5SdmN5OWtiMk5yWlhJdFkyVXVjbVZ3YndwNWRXMHRZMjl1Wm1sbkxXMWhibUZuWlhJZ0xTMXpZWFpsSUMwdGMyVjBiM0IwUFdSdlkydGxjaTFqWlMxemRHRmliR1V1Ylc5a2RXeGxYMmh2ZEdacGVHVnpQWFJ5ZFdVS0NubDFiU0JwYm5OMFlXeHNJQzE1SUdOdmJuUmhhVzVsY21RdWFXOHRNUzQxS2lCNWRXMHRjR3gxWjJsdUxYWmxjbk5wYjI1c2IyTnJDbmwxYlNCMlpYSnphVzl1Ykc5amF5QmhaR1FnWTI5dWRHRnBibVZ5WkM1cGJ3b0tjM2x6ZEdWdFkzUnNJR1JoWlcxdmJpMXlaV3h2WVdRS2MzbHpkR1Z0WTNSc0lHVnVZV0pzWlNBdExXNXZkeUJqYjI1MFlXbHVaWEprQ2dwdmNIUmZZbWx1UFM5dmNIUXZZbWx1Q25WemNsOXNiMk5oYkY5aWFXNDlMM1Z6Y2k5c2IyTmhiQzlpYVc0S1kyNXBYMkpwYmw5a2FYSTlMMjl3ZEM5amJta3ZZbWx1Q20xclpHbHlJQzF3SUM5bGRHTXZZMjVwTDI1bGRDNWtJQzlsZEdNdmEzVmlaWEp1WlhSbGN5OXRZVzVwWm1WemRITWdJaVJ2Y0hSZlltbHVJaUFpSkdOdWFWOWlhVzVmWkdseUlncHRhMlJwY2lBdGNDQXZaWFJqTDJ0MVltVnlibVYwWlhNdlpIbHVZVzFwWXkxamIyNW1hV2N0WkdseUNtRnlZMmc5Skh0SVQxTlVYMEZTUTBndGZRcHBaaUJiSUMxNklDSWtZWEpqYUNJZ1hRcDBhR1Z1Q21OaGMyVWdKQ2gxYm1GdFpTQXRiU2tnYVc0S2VEZzJYelkwS1FvZ0lDQWdZWEpqYUQwaVlXMWtOalFpQ2lBZ0lDQTdPd3BoWVhKamFEWTBLUW9nSUNBZ1lYSmphRDBpWVhKdE5qUWlDaUFnSUNBN093b3FLUW9nSUNBZ1pXTm9ieUFpZFc1emRYQndiM0owWldRZ1ExQlZJR0Z5WTJocGRHVmpkSFZ5WlN3Z1pYaHBkR2x1WnlJS0lDQWdJR1Y0YVhRZ01Rb2dJQ0FnT3pzS1pYTmhZd3BtYVFwRFRrbGZWa1ZTVTBsUFRqMGlKSHREVGtsZlZrVlNVMGxQVGpvdGRqQXVPQzQzZlNJS1kyNXBYMkpoYzJWZmRYSnNQU0pvZEhSd2N6b3ZMMmRwZEdoMVlpNWpiMjB2WTI5dWRHRnBibVZ5Ym1WMGQyOXlhMmx1Wnk5d2JIVm5hVzV6TDNKbGJHVmhjMlZ6TDJSdmQyNXNiMkZrTHlSRFRrbGZWa1ZTVTBsUFRpSUtZMjVwWDJacGJHVnVZVzFsUFNKamJta3RjR3gxWjJsdWN5MXNhVzUxZUMwa1lYSmphQzBrUTA1SlgxWkZVbE5KVDA0dWRHZDZJZ3BqZFhKc0lDMU1abThnSWlSamJtbGZZbWx1WDJScGNpOGtZMjVwWDJacGJHVnVZVzFsSWlBaUpHTnVhVjlpWVhObFgzVnliQzhrWTI1cFgyWnBiR1Z1WVcxbElncGpibWxmYzNWdFBTUW9ZM1Z5YkNBdFRHWWdJaVJqYm1sZlltRnpaVjkxY213dkpHTnVhVjltYVd4bGJtRnRaUzV6YUdFeU5UWWlLUXBqWkNBaUpHTnVhVjlpYVc1ZlpHbHlJZ3B6YUdFeU5UWnpkVzBnTFdNZ1BEdzhJaVJqYm1sZmMzVnRJZ3AwWVhJZ2VIWm1JQ0lrWTI1cFgyWnBiR1Z1WVcxbElncHliU0F0WmlBaUpHTnVhVjltYVd4bGJtRnRaU0lLWTJRZ0xRcERVa2xmVkU5UFRGTmZVa1ZNUlVGVFJUMGlKSHREVWtsZlZFOVBURk5mVWtWTVJVRlRSVG90ZGpFdU1qSXVNSDBpQ21OeWFWOTBiMjlzYzE5aVlYTmxYM1Z5YkQwaWFIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwydDFZbVZ5Ym1WMFpYTXRjMmxuY3k5amNta3RkRzl2YkhNdmNtVnNaV0Z6WlhNdlpHOTNibXh2WVdRdkpIdERVa2xmVkU5UFRGTmZVa1ZNUlVGVFJYMGlDbU55YVY5MGIyOXNjMTltYVd4bGJtRnRaVDBpWTNKcFkzUnNMU1I3UTFKSlgxUlBUMHhUWDFKRlRFVkJVMFY5TFd4cGJuVjRMU1I3WVhKamFIMHVkR0Z5TG1kNklncGpkWEpzSUMxTVptOGdJaVJ2Y0hSZlltbHVMeVJqY21sZmRHOXZiSE5mWm1sc1pXNWhiV1VpSUNJa1kzSnBYM1J2YjJ4elgySmhjMlZmZFhKc0x5UmpjbWxmZEc5dmJITmZabWxzWlc1aGJXVWlDbU55YVY5MGIyOXNjMTl6ZFcwOUpDaGpkWEpzSUMxTVppQWlKR055YVY5MGIyOXNjMTlpWVhObFgzVnliQzhrWTNKcFgzUnZiMnh6WDJacGJHVnVZVzFsTG5Ob1lUSTFOaUlnZkNCelpXUWdKM012WENwY0x5OHZKeWtLWTJRZ0lpUnZjSFJmWW1sdUlncHphR0V5TlRaemRXMGdMV01nUER3OElpUmpjbWxmZEc5dmJITmZjM1Z0SWdwMFlYSWdlSFptSUNJa1kzSnBYM1J2YjJ4elgyWnBiR1Z1WVcxbElncHliU0F0WmlBaUpHTnlhVjkwYjI5c2MxOW1hV3hsYm1GdFpTSUtiRzRnTFhObUlDSWtiM0IwWDJKcGJpOWpjbWxqZEd3aUlDSWtkWE55WDJ4dlkyRnNYMkpwYmlJdlkzSnBZM1JzSUh4OElHVmphRzhnSW5ONWJXSnZiR2xqSUd4cGJtc2dhWE1nYzJ0cGNIQmxaQ0lLWTJRZ0xRcExWVUpGWDFaRlVsTkpUMDQ5SWlSN1MxVkNSVjlXUlZKVFNVOU9PaTEyTVM0eU1pNHlmU0lLYTNWaVpWOWthWEk5SWlSdmNIUmZZbWx1TDJ0MVltVnlibVYwWlhNdEpFdFZRa1ZmVmtWU1UwbFBUaUlLYTNWaVpWOWlZWE5sWDNWeWJEMGlhSFIwY0hNNkx5OXpkRzl5WVdkbExtZHZiMmRzWldGd2FYTXVZMjl0TDJ0MVltVnlibVYwWlhNdGNtVnNaV0Z6WlM5eVpXeGxZWE5sTHlSTFZVSkZYMVpGVWxOSlQwNHZZbWx1TDJ4cGJuVjRMeVJoY21Ob0lncHJkV0psWDNOMWJWOW1hV3hsUFNJa2EzVmlaVjlrYVhJdmMyaGhNalUySWdwdGEyUnBjaUF0Y0NBaUpHdDFZbVZmWkdseUlnbzZJRDRpSkd0MVltVmZjM1Z0WDJacGJHVWlDZ3BtYjNJZ1ltbHVJR2x1SUd0MVltVnNaWFFnYTNWaVpXRmtiU0JyZFdKbFkzUnNPeUJrYndvZ0lDQWdZM1Z5YkNBdFRHWnZJQ0lrYTNWaVpWOWthWEl2SkdKcGJpSWdJaVJyZFdKbFgySmhjMlZmZFhKc0x5UmlhVzRpQ2lBZ0lDQmphRzF2WkNBcmVDQWlKR3QxWW1WZlpHbHlMeVJpYVc0aUNpQWdJQ0J6ZFcwOUpDaGpkWEpzSUMxTVppQWlKR3QxWW1WZlltRnpaVjkxY213dkpHSnBiaTV6YUdFeU5UWWlLUW9nSUNBZ1pXTm9ieUFpSkhOMWJTQWdKR3QxWW1WZlpHbHlMeVJpYVc0aUlENCtJaVJyZFdKbFgzTjFiVjltYVd4bElncGtiMjVsQ25Ob1lUSTFObk4xYlNBdFl5QWlKR3QxWW1WZmMzVnRYMlpwYkdVaUNncG1iM0lnWW1sdUlHbHVJR3QxWW1Wc1pYUWdhM1ZpWldGa2JTQnJkV0psWTNSc095Qmtid29nSUNBZ2JHNGdMWE5tSUNJa2EzVmlaVjlrYVhJdkpHSnBiaUlnSWlSdmNIUmZZbWx1SWk4a1ltbHVDbVJ2Ym1VS0NrUkZSa0ZWVEZSZlNVWkRYMDVCVFVVOUpDaHBjQ0F0YnlCeWIzVjBaU0JuWlhRZ01TQWdmQ0JuY21Wd0lDMXZVQ0FpWkdWMklGeExYRk1ySWlrS0NpTWdaVzVoWW14bElFUklRMUIyTmlCdmJpQjBhR1VnWkdWbVlYVnNkQ0JwYm5SbGNtWmhZMlVLWldOb2J5Qk9SVlJYVDFKTFNVNUhYMGxRVmpZOWVXVnpJRDQrSUM5bGRHTXZjM2x6WTI5dVptbG5MMjVsZEhkdmNtc0taV05vYnlCSlVGWTJTVTVKVkQxNVpYTWdQajRnTDJWMFl5OXplWE5qYjI1bWFXY3ZibVYwZDI5eWF5MXpZM0pwY0hSekwybG1ZMlpuTFNSRVJVWkJWVXhVWDBsR1ExOU9RVTFGQ21WamFHOGdSRWhEVUZZMlF6MTVaWE1nUGo0Z0wyVjBZeTl6ZVhOamIyNW1hV2N2Ym1WMGQyOXlheTF6WTNKcGNIUnpMMmxtWTJabkxTUkVSVVpCVlV4VVgwbEdRMTlPUVUxRkNtbG1aRzkzYmlBa1JFVkdRVlZNVkY5SlJrTmZUa0ZOUlNBbUppQnBablZ3SUNSRVJVWkJWVXhVWDBsR1ExOU9RVTFGQ2dwdGEyUnBjaUF0Y0NBdlpYUmpMM041YzNSbGJXUXZjM2x6ZEdWdEwydDFZbVZzWlhRdWMyVnlkbWxqWlM1a0x3b2pJSE5sZENCcmRXSmxiR1YwSUc1dlpHVnBjQ0JsYm5acGNtOXViV1Z1ZENCMllYSnBZV0pzWlFvdmIzQjBMMkpwYmk5elpYUjFjRjl1WlhSZlpXNTJMbk5vQ2dwemVYTjBaVzFqZEd3Z1pXNWhZbXhsSUMwdGJtOTNJR3QxWW1Wc1pYUUtjM2x6ZEdWdFkzUnNJR1Z1WVdKc1pTQXRMVzV2ZHlBdExXNXZMV0pzYjJOcklHdDFZbVZzWlhRdGFHVmhiSFJvWTJobFkyc3VjMlZ5ZG1salpRbz0KCi0gcGF0aDogJy9vcHQvYmluL3N1cGVydmlzZS5zaCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZZbWx1TDJKaGMyZ0tjMlYwSUMxNFpYVnZJSEJwY0dWbVlXbHNDbmRvYVd4bElDRWdJaVJBSWpzZ1pHOEtJQ0J6YkdWbGNDQXhDbVJ2Ym1VSwoKLSBwYXRoOiAnL2V0Yy9zeXN0ZW1kL3N5c3RlbS9rdWJlbGV0LnNlcnZpY2UnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMVZ1YVhSZENrRm1kR1Z5UFdOdmJuUmhhVzVsY21RdWMyVnlkbWxqWlFwU1pYRjFhWEpsY3oxamIyNTBZV2x1WlhKa0xuTmxjblpwWTJVS0NrUmxjMk55YVhCMGFXOXVQV3QxWW1Wc1pYUTZJRlJvWlNCTGRXSmxjbTVsZEdWeklFNXZaR1VnUVdkbGJuUUtSRzlqZFcxbGJuUmhkR2x2Ymoxb2RIUndjem92TDJ0MVltVnlibVYwWlhNdWFXOHZaRzlqY3k5b2IyMWxMd29LVzFObGNuWnBZMlZkQ2xWelpYSTljbTl2ZEFwU1pYTjBZWEowUFdGc2QyRjVjd3BUZEdGeWRFeHBiV2wwU1c1MFpYSjJZV3c5TUFwU1pYTjBZWEowVTJWalBURXdDa05RVlVGalkyOTFiblJwYm1jOWRISjFaUXBOWlcxdmNubEJZMk52ZFc1MGFXNW5QWFJ5ZFdVS0NrVnVkbWx5YjI1dFpXNTBQU0pRUVZSSVBTOXZjSFF2WW1sdU9pOWlhVzQ2TDNWemNpOXNiMk5oYkM5elltbHVPaTkxYzNJdmJHOWpZV3d2WW1sdU9pOTFjM0l2YzJKcGJqb3ZkWE55TDJKcGJqb3ZjMkpwYmk4aUNrVnVkbWx5YjI1dFpXNTBSbWxzWlQwdEwyVjBZeTlsYm5acGNtOXViV1Z1ZEFvS1JYaGxZMU4wWVhKMFVISmxQUzlpYVc0dlltRnphQ0F2YjNCMEwyUnBjMkZpYkdVdGMzZGhjQzV6YUFwRmVHVmpVM1JoY25SUWNtVTlMMkpwYmk5aVlYTm9JQzl2Y0hRdmJHOWhaQzFyWlhKdVpXd3RiVzlrZFd4bGN5NXphQXBGZUdWalUzUmhjblJRY21VOUwySnBiaTlpWVhOb0lDOXZjSFF2WW1sdUwzTmxkSFZ3WDI1bGRGOWxibll1YzJnS1JYaGxZMU4wWVhKMFBTOXZjSFF2WW1sdUwydDFZbVZzWlhRZ0pFdFZRa1ZNUlZSZlJWaFVVa0ZmUVZKSFV5QmNDaUFnTFMxaWIyOTBjM1J5WVhBdGEzVmlaV052Ym1acFp6MHZaWFJqTDJ0MVltVnlibVYwWlhNdlltOXZkSE4wY21Gd0xXdDFZbVZzWlhRdVkyOXVaaUJjQ2lBZ0xTMXJkV0psWTI5dVptbG5QUzkyWVhJdmJHbGlMMnQxWW1Wc1pYUXZhM1ZpWldOdmJtWnBaeUJjQ2lBZ0xTMWpiMjVtYVdjOUwyVjBZeTlyZFdKbGNtNWxkR1Z6TDJ0MVltVnNaWFF1WTI5dVppQmNDaUFnTFMxdVpYUjNiM0pyTFhCc2RXZHBiajFqYm1rZ1hBb2dJQzB0WTJWeWRDMWthWEk5TDJWMFl5OXJkV0psY201bGRHVnpMM0JyYVNCY0NpQWdMUzFqYkc5MVpDMXdjbTkyYVdSbGNqMWhlblZ5WlNCY0NpQWdMUzFqYkc5MVpDMWpiMjVtYVdjOUwyVjBZeTlyZFdKbGNtNWxkR1Z6TDJOc2IzVmtMV052Ym1acFp5QmNDaUFnTFMxb2IzTjBibUZ0WlMxdmRtVnljbWxrWlQwa2UwdFZRa1ZNUlZSZlNFOVRWRTVCVFVWOUlGd0tJQ0F0TFdSNWJtRnRhV010WTI5dVptbG5MV1JwY2owdlpYUmpMMnQxWW1WeWJtVjBaWE12WkhsdVlXMXBZeTFqYjI1bWFXY3RaR2x5SUZ3S0lDQXRMV1psWVhSMWNtVXRaMkYwWlhNOVJIbHVZVzFwWTB0MVltVnNaWFJEYjI1bWFXYzlkSEoxWlNCY0NpQWdMUzFsZUdsMExXOXVMV3h2WTJzdFkyOXVkR1Z1ZEdsdmJpQmNDaUFnTFMxc2IyTnJMV1pwYkdVOUwzUnRjQzlyZFdKbGJHVjBMbXh2WTJzZ1hBb2dJQzB0WTI5dWRHRnBibVZ5TFhKMWJuUnBiV1U5Y21WdGIzUmxJRndLSUNBdExXTnZiblJoYVc1bGNpMXlkVzUwYVcxbExXVnVaSEJ2YVc1MFBYVnVhWGc2THk4dmNuVnVMMk52Ym5SaGFXNWxjbVF2WTI5dWRHRnBibVZ5WkM1emIyTnJJRndLSUNBdExXNXZaR1V0YVhBZ0pIdExWVUpGVEVWVVgwNVBSRVZmU1ZCOUNncGJTVzV6ZEdGc2JGMEtWMkZ1ZEdWa1FuazliWFZzZEdrdGRYTmxjaTUwWVhKblpYUUsKCi0gcGF0aDogJy9ldGMva3ViZXJuZXRlcy9jbG91ZC1jb25maWcnCiAgcGVybWlzc2lvbnM6ICcwNjAwJwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBleUpqYkc5MVpDSTZJa0ZhVlZKRlVGVkNURWxEUTB4UFZVUWlMQ0owWlc1aGJuUkpaQ0k2SWlJc0luTjFZbk5qY21sd2RHbHZia2xrSWpvaUlpd2lZV0ZrUTJ4cFpXNTBTV1FpT2lJaUxDSmhZV1JEYkdsbGJuUlRaV055WlhRaU9pSWlMQ0p5WlhOdmRYSmpaVWR5YjNWd0lqb2lJaXdpYkc5allYUnBiMjRpT2lJaUxDSjJibVYwVG1GdFpTSTZJaUlzSW5OMVltNWxkRTVoYldVaU9pSWlMQ0p5YjNWMFpWUmhZbXhsVG1GdFpTSTZJaUlzSW5ObFkzVnlhWFI1UjNKdmRYQk9ZVzFsSWpvaVptRnJaUzF6WnlJc0luQnlhVzFoY25sQmRtRnBiR0ZpYVd4cGRIbFRaWFJPWVcxbElqb2lJaXdpZG01bGRGSmxjMjkxY21ObFIzSnZkWEFpT2lJaUxDSjFjMlZKYm5OMFlXNWpaVTFsZEdGa1lYUmhJanAwY25WbExDSnNiMkZrUW1Gc1lXNWpaWEpUYTNVaU9pSWlmUW89CgotIHBhdGg6ICcvb3B0L2Jpbi9zZXR1cF9uZXRfZW52LnNoJwogIHBlcm1pc3Npb25zOiAnMDc1NScKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdmRYTnlMMkpwYmk5bGJuWWdZbUZ6YUFwbFkyaHZaR0YwWlNncElIc0tJQ0JsWTJodklDSmJKQ2hrWVhSbElDMUpjeWxkSWlBaUpFQWlDbjBLQ2lNZ1oyVjBJSFJvWlNCa1pXWmhkV3gwSUdsdWRHVnlabUZqWlNCSlVDQmhaR1J5WlhOekNrUkZSa0ZWVEZSZlNVWkRYMGxRUFNRb2FYQWdMVzhnSUhKdmRYUmxJR2RsZENBeElId2daM0psY0NBdGIxQWdJbk55WXlCY1MxeFRLeUlwQ2dwcFppQmJJQzE2SUNJa2UwUkZSa0ZWVEZSZlNVWkRYMGxRZlNJZ1hRcDBhR1Z1Q2lBZ1pXTm9iMlJoZEdVZ0lrWmhhV3hsWkNCMGJ5Qm5aWFFnU1ZBZ1lXUmtjbVZ6Y3lCbWIzSWdkR2hsSUdSbFptRjFiSFFnY205MWRHVWdhVzUwWlhKbVlXTmxJZ29nSUdWNGFYUWdNUXBtYVFvS0l5Qm5aWFFnZEdobElHWjFiR3dnYUc5emRHNWhiV1VLUmxWTVRGOUlUMU5VVGtGTlJUMGtLR2h2YzNSdVlXMWxJQzFtS1FvaklHbG1JQzlsZEdNdmFHOXpkRzVoYldVZ2FYTWdibTkwSUdWdGNIUjVJSFJvWlc0Z2RYTmxJSFJvWlNCb2IzTjBibUZ0WlNCbWNtOXRJSFJvWlhKbENtbG1JRnNnTFhNZ0wyVjBZeTlvYjNOMGJtRnRaU0JkT3lCMGFHVnVDaUFnUmxWTVRGOUlUMU5VVGtGTlJUMGtLR05oZENBdlpYUmpMMmh2YzNSdVlXMWxLUXBtYVFvS0l5QjNjbWwwWlNCMGFHVWdibTlrWldsd1gyVnVkaUJtYVd4bENpTWdkMlVnYm1WbFpDQjBhR1VnYkdsdVpTQmlaV3h2ZHlCaVpXTmhkWE5sSUdac1lYUmpZWElnYUdGeklIUm9aU0J6WVcxbElITjBjbWx1WnlBaVkyOXlaVzl6SWlCcGJpQjBhR0YwSUdacGJHVUthV1lnWjNKbGNDQXRjU0JqYjNKbGIzTWdMMlYwWXk5dmN5MXlaV3hsWVhObENuUm9aVzRLSUNCbFkyaHZJQ0pMVlVKRlRFVlVYMDVQUkVWZlNWQTlKSHRFUlVaQlZVeFVYMGxHUTE5SlVIMWNia3RWUWtWTVJWUmZTRTlUVkU1QlRVVTlKSHRHVlV4TVgwaFBVMVJPUVUxRmZTSWdQaUF2WlhSakwydDFZbVZ5Ym1WMFpYTXZibTlrWldsd0xtTnZibVlLWld4cFppQmJJQ0VnTFdRZ0wyVjBZeTl6ZVhOMFpXMWtMM041YzNSbGJTOXJkV0psYkdWMExuTmxjblpwWTJVdVpDQmRDblJvWlc0S0lDQmxZMmh2WkdGMFpTQWlRMkZ1SjNRZ1ptbHVaQ0JyZFdKbGJHVjBJSE5sY25acFkyVWdaWGgwY21GeklHUnBjbVZqZEc5eWVTSUtJQ0JsZUdsMElERUtaV3h6WlFvZ0lHVmphRzhnTFdVZ0lsdFRaWEoyYVdObFhWeHVSVzUyYVhKdmJtMWxiblE5WENKTFZVSkZURVZVWDA1UFJFVmZTVkE5Skh0RVJVWkJWVXhVWDBsR1ExOUpVSDFjSWx4dVJXNTJhWEp2Ym0xbGJuUTlYQ0pMVlVKRlRFVlVYMGhQVTFST1FVMUZQU1I3UmxWTVRGOUlUMU5VVGtGTlJYMWNJaUlnUGlBdlpYUmpMM041YzNSbGJXUXZjM2x6ZEdWdEwydDFZbVZzWlhRdWMyVnlkbWxqWlM1a0wyNXZaR1ZwY0M1amIyNW1DbVpwQ2c9PQoKLSBwYXRoOiAnL2V0Yy9rdWJlcm5ldGVzL3BraS9jYS5jcnQnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VWWGFrTkRRVEJMWjBGM1NVSkJaMGxLUVV4bVVteFhjMGs0V1ZGSVRVRXdSME5UY1VkVFNXSXpSRkZGUWtKUlZVRk5TSE40UTNwQlNrSm5UbFlLUWtGWlZFRnNWbFJOVVhOM1ExRlpSRlpSVVVsRmQwcEVVVlJGVjAxQ1VVZEJNVlZGUW5oTlRsVXlSblZKUlZwNVdWYzFhbUZZVG1waWVrVlZUVUpKUndwQk1WVkZRMmhOVEZGdVNtaGFSMXB3WkVod2NHSnRUWGhGYWtGUlFtZE9Wa0pCVFZSRFYzaDJXVEpHYzJGSE9YcGtSRVZrVFVKelIwTlRjVWRUU1dJekNrUlJSVXBCVWxsUFdXNUthRnBGUW10WlZ6VnVXVk0xYW1JeU1IZElhR05PVFZSUmQwNTZSVEZOYWtFd1RtcEJNVmRvWTA1TlZHTjNUbFJCTUUxcVFUQUtUbXBCTVZkcVFqZE5VWE4zUTFGWlJGWlJVVWRGZDBwV1ZYcEZURTFCYTBkQk1WVkZRMEpOUTFFd1JYaEdha0ZWUW1kT1ZrSkJZMVJFVms1b1ltbENSd3BqYlVaMVdUSnNlbGt5T0hoR1JFRlRRbWRPVmtKQmIxUkRNRXA1V1ZkU2JXRllValpoVnpWcVRWSkpkMFZCV1VSV1VWRkVSWGRzYzJJeVRtaGlSMmgyQ21NelVYaElWRUZpUW1kcmNXaHJhVWM1ZHpCQ1ExRkZWMFJ0U25sWlYxSkJXa2RHZFZveVJYVlpNamwwVFVsSlFrbHFRVTVDWjJ0eGFHdHBSemwzTUVJS1FWRkZSa0ZCVDBOQlVUaEJUVWxKUWtOblMwTkJVVVZCZERWbVFXcHdOR1pVWTJWclYxVlVabnB6Y0RCcmVXbG9NVTlaWW5OSFREQkxXREZsVW1KVFV3cFNPRTlrTUNzNVVUWXlTSGx1ZVN0SFJuZE5WR0kwUVM5TFZUaHRjM052U0haalkyVlRRVUZpZDJaaWVFWkxMeXR6TlRGVWIySnhWVzVQVWxweVQyOVVDbHBxYTFWNVoySjVXRVJUU3prNVdVSmlZMUl4VUdsd09IWjNUVlJ0TkZoTGRVeDBRMmxuWlVKQ1pHcHFRVkZrWjFWUE1qaE1SVTVIYkhOTmJtMWxXV3NLU21aUFJGWkhibFp0Y2pWTWRHSTVRVTVCT0VsTGVWUm1jMjVJU2pScFQwTlRMMUJzVUdKVmFqSnhOMWx1YjFaTWNHOXpWVUpOYkdkVllpOURlV3RZTXdwdFQyOU1ZalI1U2twUmVVRXZhVk5VTmxwNGFVbEZhak0yUkRSNVYxbzFiR2MzV1Vwc0sxVnBhVUpSU0VkRGJsQmtSM2xwY0hGV01EWmxlREJvWlZsWENtTmhhVmM0VEZkYVUxVlJPVE5xVVN0WFZrTklPR2hVTjBSUlR6RmtiWE4yVlcxWWJIRXZTbVZCYkhkUkwxRkpSRUZSUVVKdk5FaG5UVWxJWkUxQ01FY0tRVEZWWkVSblVWZENRbEpqUVZKUGRHaFRORkEwVlRkMlZHWnFRbmxETlRZNVVqZEZOa1JEUW5KUldVUldVakJxUWtsSGJFMUpSMmxuUWxKalFWSlBkQXBvVXpSUU5GVTNkbFJtYWtKNVF6VTJPVkkzUlRaTFJpOXdTREIzWlhwRlRFMUJhMGRCTVZWRlFtaE5RMVpXVFhoRGVrRktRbWRPVmtKQloxUkJhMDVDQ2sxU1dYZEdRVmxFVmxGUlNFVjNNVlJaVnpSblVtNUthR0p0VG5Cak1rNTJUVkpSZDBWbldVUldVVkZMUlhkMFEyTnRSbXRhYld3d1pXMXNkVmw2UlZNS1RVSkJSMEV4VlVWQmVFMUtZa2M1YWxsWGVHOWlNMDR3VFZJd2QwZDNXVXBMYjFwSmFIWmpUa0ZSYTBKR1p6VnBZMjFHYTFGSFVtaGliV1JvVEcxT2RncGlXVWxLUVV4bVVteFhjMGs0V1ZGSVRVRjNSMEV4VldSRmQxRkdUVUZOUWtGbU9IZEVVVmxLUzI5YVNXaDJZMDVCVVVWR1FsRkJSR2RuUlVKQlJ6Wm9DbFU1WmpselRrZ3dMelp2UW1KSFIza3lSVlpWTUZWblNWUlZVVWx5Umxkdk9YSkdhM0pYTldzdldHdEVhbEZ0S3pOc2VtcFVNR2xIVWpSSmVFVXZRVzhLWlZVMmMxRm9kV0UzZDNKWFpVWkZialEzUjB3NU9HeHVRM05LWkVRM2IxcE9hRVp0VVRrMVZHSXZURzVFVldwek5WbHFPV0p5VURCT1YzcFlabGxWTkFwVlN6SmFia2xPU2xKalNuQkNPR2xTUTJGRGVFVTRSR1JqVlVZd1dIRkpSWEUyY0VFeU56SnpibTlNYldsWVRFMTJUbXd6YTFsRlpHMHJhbVUyZG05RUNqVTRVMDVXUlZWemVuUjZVWGxZYlVwRmFFTndkMVpKTUVFMlVVTnFlbGhxSzNGMmNHMTNNMXBhU0drNFNuZFlaV2s0V2xwQ1RGUlRSa0pyYVRoYU4yNEtjMGc1UWtKSU16Z3ZVM3BWYlVGT05GRklVMUI1TVdkcWNXMHdNRTlCUlRoT1lWbEVhMmd2WW5wRk5HUTNiVXhIUjAxWGNDOVhSVE5MVUZOMU9ESklSZ3ByVUdVMldHOVRZbWxNYlM5cmVHc3pNbFF3UFFvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PQoKLSBwYXRoOiAnL2V0Yy9rdWJlcm5ldGVzL2Jvb3RzdHJhcC1rdWJlbGV0LmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBZWEJwVm1WeWMybHZiam9nZGpFS1kyeDFjM1JsY25NNkNpMGdZMngxYzNSbGNqb0tJQ0FnSUdObGNuUnBabWxqWVhSbExXRjFkR2h2Y21sMGVTMWtZWFJoT2lCTVV6QjBURk14UTFKVlpFcFVhVUpFVWxaS1ZWTlZXa3BSTUVaVlVsTXdkRXhUTUhSRGF6RktVMVZTU0ZKRlRrUlJWMlJFV2pCR00xTlZTa0phTUd4RFVWVlNRbFJyU201aE0wWnZZVEpzU0U5WVkzZFJhMFpTWXpCYVFsSkZSVFZVVmxKNlpEQTVVbGRWVWxkVlZrWkZVbGh3UzJWWFNYbFBWRUZMVkVaa1QyRkZlSFZWVkU1cVZqTlNORnBWVWxkbFIxSkVUbGQ0YTFkRmNESlpNR1JXWkVkUmVWWnVjR3RTUlRFd1YxaHJNV0V4Y0ZsWFdGWm9UVEZhY0Zkc2FFdGtSbXhaVlc1Q1dtVlVWbmRaYm5CQ1dsRndSMlI2UWpSVU1GSkNaVlV4UlZKWWFFNWxiRlY1VkZWU2IxbFZXak5OU0d4UVVrVkdORlJZY0VKbFJURTJWbFJLVGxKSGFHaFVWVkYzWlVVNU5sRlVWa05hTURWWFVXdEdUbFpGTVhWVGJscHBUVEZHTUVOc2EzbFNXRlpyVWtkU05GbFVUa2RPUlRWWlVtcENUV0pXV1hoWk1qQTFaREZ3VkUxVVRtRlhSVFIzVkZocmVHRnJlSFJWYlhocllWUldlVnBHWkV0aVIwNTBUVmRvYTFJeWVIRlVSekZ6WkdzeFNsTlZTVXRUVjNCQ1ZHdEtibUV6Um05aE1teElUMWhqZDFGclJsSlNWVnBDVVZVNVJGRldSVFJSVlRGS1UxVktSRm93ZEVSUlZrWkdVVmhCTWxORVdsZE9WRnBwVjFWb01sRXlWalpVUjNSNVdtdHNObFJVWjNoWlozQndZbnBqZGxkdFJqTk1NSGhNVWxoamQxcFZXWEpVUlRFeVRrVlZja3d4UlhaYWExcHZZekJvUkVzeU1XOWFWWGh1VFZWb1dGWldRa2RWUmtweVRrWkNVazlFVm5SUlV6Z3daRWR3Y0dKWGNGUlZSVnBGUTIxek1sVXdiSFJsYTNSSFZFWnNVbG96WkVSYU1tUndWbnBvVDAxdGFGQkxlbXcyWTJ0S1ZsRlZlRXRTYTJSRFRtcFNkbFF5VG1sUmJXOHlVbGhKZGtzd05YTlZSV1JLVFRGS1UxWXhaR3RoVlZaVlZqQlpTMVl4YkVST1IzQnRVMjF3YVZKcVZsRlpibXcxVjBWb2RXTXdaRzFrUms1UFYxWndRMVJFWTNoV2VtUnZUMWR3VFZZelFqVldWbVJNVkVSYVlWZFZSazlrTUZKUVZHcEtVMWx1UVROa1NFSXhaSHBDV1U1bmNISmhlWE4zVVZaYU0xWnVjSEpOZWtGeVZGVTFObUpYV1RGTlNFWXpTekk0TkUxVWFHbGFhM2hXVWtkMGFGUnJNVzFVUmsweVUxUkNNMVZYTUROVmEyUnVTekF4Ymxac1NrVmxWRTVFWkZac2VGcHJiRmhEYkd0NVpXNW5NbGw2WkZGaldIQkhZekZhVjFwcmJIbFpWRUpwVFVoR2FHUkZOWE5OVm1oSllXcG9NRXN3WkU5alYxSnBZVlJKZGxKc1JuRlJNMmh3WWtaU1QyUlhOVEJXUkU0eVpWUktiRlF3YUZKVFZWRkxVVlpHUWxGdE9UVlVXR1JLVmtWR1VGRnRaRTlXYTJoU1QwVktRbHBxYUVaUmEwWk9VVEJHZUZWWVpFVmtNV3hGVm14SmQxWkZSbEpUUXpsRFVWWldNMUZZWkVaUmFUazJVVlUxUTFveWRIaGhSM1J3VW5kdk5XUjZRa05SVmtaNlVtdEdRbFF3VGtKVlZWWkNVMWN4Um1KcmJGbFdhazVGWlZjeFJHTlViSGhWUkdSM1N6TldTMDVVVmpGYWJHaHJZVEZKZVZveWFFVldWbXg1VmtaU2FsVklaSEZWYWtweFZrVm9hRU50YkdGUlUzUnVUMGMwTWxWWVNsWmlNRTVGVG01T05sSjVkSE5oUjBaelRqSm9VVTV1YUd0V00xWlRZV3hvUjFORk9ETlphelV5VG1wT1NtTlZWa2hsYkVwRldqTmpNVm96WkdwalZsWlZWMnRXTW1ReVkwdGFNakUyVG5wVk5XUjVPV2hTYlZsNFZtcEZlV0ZFUm1oYWJFSjBVVlJzUmxKNlZrOWFSV2cwWXpObk5WRlhlRWxMTUZreVpFaHNlbU5JUWxoaFJsVTBWMFZXVWxaVlJreFJNVUp4WW01a1ZtSlZjekJqUVc4eldqTmFWVmR1U1hsbGJtOHdZbTVrYjFkdE9IcFVSR2MxVFVST2VHTklVbXBqVkVaelYycFNVRmRZVGtWaU1XaDJZa1JHTVdWdFJsSlRSR2Q1WlVoc00xcFdUa3hSTUhSWlkwVTVhV0ZZY0d4T1ZtOTNRMjVrZDJKdGNHdFNTRlpKVDBSa05FNUlTVEJVUjNCT1YyNUNNVTB6V2xsT2EzaHhVV3RTVGxWR1pISlRSV2hSVkdwV1FtRlhNSGhUYTNnd1RuazVVMVJHUW01V1NGSnhZekJ3VG1Oc1VrSlZlbVJ2V2pGdlMxcHJkRTFVUkd4U1ZGWkdjMDV1VFhoamEyaExUa1YwY2t3eVZUTlRNR00wVTBWRk1HRkZWazlTVjJoeVQxWnNSVnBzUlRsUVVXOTBURk13ZEV4VlZrOVNRMEpFVWxaS1ZWTlZXa3BSTUVaVlVsTXdkRXhUTUhSRFp6MDlDaUFnSUNCelpYSjJaWEk2SUdoMGRIQnpPaTh2Wm05dkxtSmhjam8yTkRRekNpQWdibUZ0WlRvZ1l3cGpiMjUwWlhoMGN6b0tMU0JqYjI1MFpYaDBPZ29nSUNBZ1kyeDFjM1JsY2pvZ1l3b2dJQ0FnZFhObGNqb2dZd29nSUc1aGJXVTZJR01LWTNWeWNtVnVkQzFqYjI1MFpYaDBPaUJqQ210cGJtUTZJRU52Ym1acFp3cHdjbVZtWlhKbGJtTmxjem9nZTMwS2RYTmxjbk02Q2kwZ2JtRnRaVG9nWXdvZ0lIVnpaWEk2Q2lBZ0lDQjBiMnRsYmpvZ2RHVnpkQzUwWlhOMENnbz0KCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9zeXN0ZW0vc2V0dXAuc2VydmljZScKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIFcwbHVjM1JoYkd4ZENsZGhiblJsWkVKNVBXMTFiSFJwTFhWelpYSXVkR0Z5WjJWMENncGJWVzVwZEYwS1VtVnhkV2x5WlhNOWJtVjBkMjl5YXkxdmJteHBibVV1ZEdGeVoyVjBDa0ZtZEdWeVBXNWxkSGR2Y21zdGIyNXNhVzVsTG5SaGNtZGxkQW9LVzFObGNuWnBZMlZkQ2xSNWNHVTliMjVsYzJodmRBcFNaVzFoYVc1QlpuUmxja1Y0YVhROWRISjFaUXBGYm5acGNtOXViV1Z1ZEVacGJHVTlMUzlsZEdNdlpXNTJhWEp2Ym0xbGJuUUtSWGhsWTFOMFlYSjBQUzl2Y0hRdlltbHVMM04xY0dWeWRtbHpaUzV6YUNBdmIzQjBMMkpwYmk5elpYUjFjQW89CgotIHBhdGg6ICcvZXRjL3Byb2ZpbGUuZC9vcHQtYmluLXBhdGguc2gnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBaWGh3YjNKMElGQkJWRWc5SWk5dmNIUXZZbWx1T2lSUVFWUklJZ289CgotIHBhdGg6ICcvZXRjL2t1YmVybmV0ZXMva3ViZWxldC5jb25mJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgWVhCcFZtVnljMmx2YmpvZ2EzVmlaV3hsZEM1amIyNW1hV2N1YXpoekxtbHZMM1l4WW1WMFlURUthMmx1WkRvZ1MzVmlaV3hsZEVOdmJtWnBaM1Z5WVhScGIyNEtZWFYwYUdWdWRHbGpZWFJwYjI0NkNpQWdZVzV2Ym5sdGIzVnpPZ29nSUNBZ1pXNWhZbXhsWkRvZ1ptRnNjMlVLSUNCM1pXSm9iMjlyT2dvZ0lDQWdaVzVoWW14bFpEb2dkSEoxWlFvZ0lIZzFNRGs2Q2lBZ0lDQmpiR2xsYm5SRFFVWnBiR1U2SUM5bGRHTXZhM1ZpWlhKdVpYUmxjeTl3YTJrdlkyRXVZM0owQ21GMWRHaHZjbWw2WVhScGIyNDZDaUFnYlc5a1pUb2dWMlZpYUc5dmF3cGpaM0p2ZFhCRWNtbDJaWEk2SUhONWMzUmxiV1FLWTJ4MWMzUmxja1JPVXpvS0xTQWlNVEF1TUM0d0xqQWlDbU5zZFhOMFpYSkViMjFoYVc0NklHTnNkWE4wWlhJdWJHOWpZV3dLWTI5dWRHRnBibVZ5VEc5blRXRjRVMmw2WlRvZ01UQXdUV2tLWTI5dWRHRnBibVZ5VEc5blRXRjRSbWxzWlhNNklEVUtabVZoZEhWeVpVZGhkR1Z6T2dvZ0lFZHlZV05sWm5Wc1RtOWtaVk5vZFhSa2IzZHVPaUIwY25WbENpQWdTV1JsYm5ScFpubFFiMlJQVXpvZ1ptRnNjMlVLY0hKdmRHVmpkRXRsY201bGJFUmxabUYxYkhSek9pQjBjblZsQ25KbFlXUlBibXg1VUc5eWREb2dNQXB5YjNSaGRHVkRaWEowYVdacFkyRjBaWE02SUhSeWRXVUtjMlZ5ZG1WeVZFeFRRbTl2ZEhOMGNtRndPaUIwY25WbENuTjBZWFJwWTFCdlpGQmhkR2c2SUM5bGRHTXZhM1ZpWlhKdVpYUmxjeTl0WVc1cFptVnpkSE1LYTNWaVpWSmxjMlZ5ZG1Wa09nb2dJR053ZFRvZ01qQXdiUW9nSUdWd2FHVnRaWEpoYkMxemRHOXlZV2RsT2lBeFIya0tJQ0J0WlcxdmNuazZJREl3TUUxcENuTjVjM1JsYlZKbGMyVnlkbVZrT2dvZ0lHTndkVG9nTWpBd2JRb2dJR1Z3YUdWdFpYSmhiQzF6ZEc5eVlXZGxPaUF4UjJrS0lDQnRaVzF2Y25rNklESXdNRTFwQ21WMmFXTjBhVzl1U0dGeVpEb0tJQ0JwYldGblpXWnpMbUYyWVdsc1lXSnNaVG9nTVRVbENpQWdiV1Z0YjNKNUxtRjJZV2xzWVdKc1pUb2dNVEF3VFdrS0lDQnViMlJsWm5NdVlYWmhhV3hoWW14bE9pQXhNQ1VLSUNCdWIyUmxabk11YVc1dlpHVnpSbkpsWlRvZ05TVUtkR3h6UTJsd2FHVnlVM1ZwZEdWek9nb3RJRlJNVTE5QlJWTmZNVEk0WDBkRFRWOVRTRUV5TlRZS0xTQlVURk5mUVVWVFh6STFObDlIUTAxZlUwaEJNemcwQ2kwZ1ZFeFRYME5JUVVOSVFUSXdYMUJQVEZreE16QTFYMU5JUVRJMU5nb3RJRlJNVTE5RlEwUklSVjlGUTBSVFFWOVhTVlJJWDBGRlUxOHhNamhmUjBOTlgxTklRVEkxTmdvdElGUk1VMTlGUTBSSVJWOUZRMFJUUVY5WFNWUklYMEZGVTE4eU5UWmZSME5OWDFOSVFUTTROQW90SUZSTVUxOUZRMFJJUlY5RlEwUlRRVjlYU1ZSSVgwTklRVU5JUVRJd1gxQlBURmt4TXpBMUNpMGdWRXhUWDBWRFJFaEZYMUpUUVY5WFNWUklYMEZGVTE4eE1qaGZSME5OWDFOSVFUSTFOZ290SUZSTVUxOUZRMFJJUlY5U1UwRmZWMGxVU0Y5QlJWTmZNalUyWDBkRFRWOVRTRUV6T0RRS0xTQlVURk5mUlVORVNFVmZVbE5CWDFkSlZFaGZRMGhCUTBoQk1qQmZVRTlNV1RFek1EVUtkbTlzZFcxbFVHeDFaMmx1UkdseU9pQXZkbUZ5TDJ4cFlpOXJkV0psYkdWMEwzWnZiSFZ0WlhCc2RXZHBibk1LCgotIHBhdGg6ICcvZXRjL3N5c3RlbWQvc3lzdGVtL2t1YmVsZXQtaGVhbHRoY2hlY2suc2VydmljZScKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIFcxVnVhWFJkQ2xKbGNYVnBjbVZ6UFd0MVltVnNaWFF1YzJWeWRtbGpaUXBCWm5SbGNqMXJkV0psYkdWMExuTmxjblpwWTJVS0NsdFRaWEoyYVdObFhRcEZlR1ZqVTNSaGNuUTlMMjl3ZEM5aWFXNHZhR1ZoYkhSb0xXMXZibWwwYjNJdWMyZ2dhM1ZpWld4bGRBb0tXMGx1YzNSaGJHeGRDbGRoYm5SbFpFSjVQVzExYkhScExYVnpaWEl1ZEdGeVoyVjBDZz09CgotIHBhdGg6ICcvb3B0L2Rpc2FibGUtc3dhcC5zaCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZkWE55TDJKcGJpOWxibllnWW1GemFBcHpaWFFnTFdWMWJ5QndhWEJsWm1GcGJBb0tJeUJOWVd0bElITjFjbVVnZDJVZ1lXeDNZWGx6SUdScGMyRmliR1VnYzNkaGNDQXRJRTkwYUdWeWQybHpaU0IwYUdVZ2EzVmlaV3hsZENCM2IyNG5kQ0J6ZEdGeWRDQmhjeUJtYjNJZ2MyOXRaU0JqYkc5MVpBb2pJSEJ5YjNacFpHVnljeUJ6ZDJGd0lHZGxkSE1nWlc1aFlteGxaQ0J2YmlCeVpXSnZiM1FnYjNJZ1lXWjBaWElnZEdobElITmxkSFZ3SUhOamNtbHdkQ0JvWVhNZ1ptbHVhWE5vWldRZ1pYaGxZM1YwYVc1bkxncHpaV1FnTFdrdWIzSnBaeUFuTHk0cWMzZGhjQzRxTDJRbklDOWxkR012Wm5OMFlXSUtjM2RoY0c5bVppQXRZUW89CgotIHBhdGg6ICcvZXRjL2NyaWN0bC55YW1sJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBjb250ZW50OiB8LQogICAgcnVudGltZS1lbmRwb2ludDogdW5peDovLy9ydW4vY29udGFpbmVyZC9jb250YWluZXJkLnNvY2sKICAgIAoKLSBwYXRoOiAnL2V0Yy9zeXN0ZW1kL3N5c3RlbS9jb250YWluZXJkLnNlcnZpY2UuZC9lbnZpcm9ubWVudC5jb25mJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBjb250ZW50OiB8LQogICAgW1NlcnZpY2VdCiAgICBSZXN0YXJ0PWFsd2F5cwogICAgRW52aXJvbm1lbnRGaWxlPS0vZXRjL2Vudmlyb25tZW50CiAgICAKCi0gcGF0aDogJy9ldGMvY29udGFpbmVyZC9jb25maWcudG9tbCcKICBwZXJtaXNzaW9uczogJzA2MDAnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIGRtVnljMmx2YmlBOUlESUtDbHR0WlhSeWFXTnpYUXBoWkdSeVpYTnpJRDBnSWpFeU55NHdMakF1TVRveE16TTRJZ29LVzNCc2RXZHBibk5kQ2x0d2JIVm5hVzV6TGlKcGJ5NWpiMjUwWVdsdVpYSmtMbWR5Y0dNdWRqRXVZM0pwSWwwS2MyRnVaR0p2ZUY5cGJXRm5aU0E5SUNJeE9USXVNVFk0TGpFd01DNHhNREE2TlRBd01DOXJkV0psY201bGRHVnpMM0JoZFhObE9uWXpMakVpQ2x0d2JIVm5hVzV6TGlKcGJ5NWpiMjUwWVdsdVpYSmtMbWR5Y0dNdWRqRXVZM0pwSWk1amIyNTBZV2x1WlhKa1hRcGJjR3gxWjJsdWN5NGlhVzh1WTI5dWRHRnBibVZ5WkM1bmNuQmpMbll4TG1OeWFTSXVZMjl1ZEdGcGJtVnlaQzV5ZFc1MGFXMWxjMTBLVzNCc2RXZHBibk11SW1sdkxtTnZiblJoYVc1bGNtUXVaM0p3WXk1Mk1TNWpjbWtpTG1OdmJuUmhhVzVsY21RdWNuVnVkR2x0WlhNdWNuVnVZMTBLY25WdWRHbHRaVjkwZVhCbElEMGdJbWx2TG1OdmJuUmhhVzVsY21RdWNuVnVZeTUyTWlJS1czQnNkV2RwYm5NdUltbHZMbU52Ym5SaGFXNWxjbVF1WjNKd1l5NTJNUzVqY21raUxtTnZiblJoYVc1bGNtUXVjblZ1ZEdsdFpYTXVjblZ1WXk1dmNIUnBiMjV6WFFwVGVYTjBaVzFrUTJkeWIzVndJRDBnZEhKMVpRcGJjR3gxWjJsdWN5NGlhVzh1WTI5dWRHRnBibVZ5WkM1bmNuQmpMbll4TG1OeWFTSXVjbVZuYVhOMGNubGRDbHR3YkhWbmFXNXpMaUpwYnk1amIyNTBZV2x1WlhKa0xtZHljR011ZGpFdVkzSnBJaTV5WldkcGMzUnllUzV0YVhKeWIzSnpYUXBiY0d4MVoybHVjeTRpYVc4dVkyOXVkR0ZwYm1WeVpDNW5jbkJqTG5ZeExtTnlhU0l1Y21WbmFYTjBjbmt1YldseWNtOXljeTRpWkc5amEyVnlMbWx2SWwwS1pXNWtjRzlwYm5RZ1BTQmJJbWgwZEhCek9pOHZjbVZuYVhOMGNua3VaRzlqYTJWeUxXTnVMbU52YlNKZENsdHdiSFZuYVc1ekxpSnBieTVqYjI1MFlXbHVaWEprTG1keWNHTXVkakV1WTNKcElpNXlaV2RwYzNSeWVTNWpiMjVtYVdkelhRcGJjR3gxWjJsdWN5NGlhVzh1WTI5dWRHRnBibVZ5WkM1bmNuQmpMbll4TG1OeWFTSXVjbVZuYVhOMGNua3VZMjl1Wm1sbmN5NGlNVEF1TUM0d0xqRTZOVEF3TUNKZENsdHdiSFZuYVc1ekxpSnBieTVqYjI1MFlXbHVaWEprTG1keWNHTXVkakV1WTNKcElpNXlaV2RwYzNSeWVTNWpiMjVtYVdkekxpSXhNQzR3TGpBdU1UbzFNREF3SWk1MGJITmRDbWx1YzJWamRYSmxYM05yYVhCZmRtVnlhV1o1SUQwZ2RISjFaUXBiY0d4MVoybHVjeTRpYVc4dVkyOXVkR0ZwYm1WeVpDNW5jbkJqTG5ZeExtTnlhU0l1Y21WbmFYTjBjbmt1WTI5dVptbG5jeTRpTVRreUxqRTJPQzR4TURBdU1UQXdPalV3TURBaVhRcGJjR3gxWjJsdWN5NGlhVzh1WTI5dWRHRnBibVZ5WkM1bmNuQmpMbll4TG1OeWFTSXVjbVZuYVhOMGNua3VZMjl1Wm1sbmN5NGlNVGt5TGpFMk9DNHhNREF1TVRBd09qVXdNREFpTG5Sc2MxMEthVzV6WldOMWNtVmZjMnRwY0Y5MlpYSnBabmtnUFNCMGNuVmxDZ289CgpyaF9zdWJzY3JpcHRpb246CiAgICBhdXRvLWF0dGFjaDogZmFsc2UKICAgIHBhc3N3b3JkOiAKICAgIHVzZXJuYW1lOiAK +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: osp-rhel-azure-kube-system-provisioning-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-ubuntu-aws-docker-bootstrap.yaml b/pkg/controllers/osc/testdata/secret-ubuntu-aws-docker-bootstrap.yaml index e69de29b..26596c63 100644 --- a/pkg/controllers/osc/testdata/secret-ubuntu-aws-docker-bootstrap.yaml +++ b/pkg/controllers/osc/testdata/secret-ubuntu-aws-docker-bootstrap.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiBubwpzc2hfYXV0aG9yaXplZF9rZXlzOgotICdzc2gtcnNhIEFBQUFCM056YUMxeWMyRUFBQUFEQVFBQkFBQUNBUURkT0loWW16Q0s1RFNWTHUzYycKd3JpdGVfZmlsZXM6Ci0gcGF0aDogJy9vcHQvYmluL2Jvb3RzdHJhcCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZZbWx1TDJKaGMyZ0tjMlYwSUMxNFpYVnZJSEJwY0dWbVlXbHNDZ3BsZUhCdmNuUWdSRVZDU1VGT1gwWlNUMDVVUlU1RVBXNXZibWx1ZEdWeVlXTjBhWFpsQ21Gd2RDQjFjR1JoZEdVZ0ppWWdZWEIwSUdsdWMzUmhiR3dnTFhrZ1kzVnliQ0JxY1FwamRYSnNJQzF6SUMxcklDMTJJQzB0YUdWaFpHVnlJQ2RCZFhSb2IzSnBlbUYwYVc5dU9pQkNaV0Z5WlhJZ2RHOXdMWE5sWTNKbGRDY0phSFIwY0hNNkx5OW1iMjh1WW1GeU9qWTBORE12WVhCcEwzWXhMMjVoYldWemNHRmpaWE12WTJ4dmRXUXRhVzVwZEMxelpYUjBhVzVuY3k5elpXTnlaWFJ6TDNWaWRXNTBkUzFoZDNNdGEzVmlaUzF6ZVhOMFpXMHRjSEp2ZG1semFXOXVhVzVuTFdOdmJtWnBaeUI4SUdweElDY3VaR0YwWVZzaVkyeHZkV1F0WTI5dVptbG5JbDBuSUMxeWZDQmlZWE5sTmpRZ0xXUWdQaUF2WlhSakwyTnNiM1ZrTDJOc2IzVmtMbU5tWnk1a0wzVmlkVzUwZFMxaGQzTXRhM1ZpWlMxemVYTjBaVzB0Y0hKdmRtbHphVzl1YVc1bkxXTnZibVpwWnk1alptY0tZMnh2ZFdRdGFXNXBkQ0JqYkdWaGJncGpiRzkxWkMxcGJtbDBJQzB0Wm1sc1pTQXZaWFJqTDJOc2IzVmtMMk5zYjNWa0xtTm1aeTVrTDNWaWRXNTBkUzFoZDNNdGEzVmlaUzF6ZVhOMFpXMHRjSEp2ZG1semFXOXVhVzVuTFdOdmJtWnBaeTVqWm1jZ2FXNXBkQXB6ZVhOMFpXMWpkR3dnWkdGbGJXOXVMWEpsYkc5aFpBb0tjM2x6ZEdWdFkzUnNJSEpsYzNSaGNuUWdjMlYwZFhBdWMyVnlkbWxqWlFvPQoKLSBwYXRoOiAnL2V0Yy9zeXN0ZW1kL3N5c3RlbS9ib290c3RyYXAuc2VydmljZScKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZZbWx1TDJKaGMyZ0tXMGx1YzNSaGJHeGRDbGRoYm5SbFpFSjVQVzExYkhScExYVnpaWEl1ZEdGeVoyVjBDZ3BiVlc1cGRGMEtVbVZ4ZFdseVpYTTlibVYwZDI5eWF5MXZibXhwYm1VdWRHRnlaMlYwQ2tGbWRHVnlQVzVsZEhkdmNtc3RiMjVzYVc1bExuUmhjbWRsZEFwYlUyVnlkbWxqWlYwS1ZIbHdaVDF2Ym1WemFHOTBDbEpsYldGcGJrRm1kR1Z5UlhocGREMTBjblZsQ2tWNFpXTlRkR0Z5ZEQwdmIzQjBMMkpwYmk5aWIyOTBjM1J5WVhBSwoKcnVuY21kOgotIHN5c3RlbWN0bCByZXN0YXJ0IGJvb3RzdHJhcC5zZXJ2aWNlCi0gc3lzdGVtY3RsIGRhZW1vbi1yZWxvYWQK +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: ubuntu-aws-kube-system-bootstrap-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/controllers/osc/testdata/secret-ubuntu-aws-docker-provisioning.yaml b/pkg/controllers/osc/testdata/secret-ubuntu-aws-docker-provisioning.yaml index e69de29b..9edd6bab 100644 --- a/pkg/controllers/osc/testdata/secret-ubuntu-aws-docker-provisioning.yaml +++ b/pkg/controllers/osc/testdata/secret-ubuntu-aws-docker-provisioning.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +data: + cloud-config: I2Nsb3VkLWNvbmZpZwpzc2hfcHdhdXRoOiBubwpzc2hfYXV0aG9yaXplZF9rZXlzOgotICdzc2gtcnNhIEFBQUFCM056YUMxeWMyRUFBQUFEQVFBQkFBQUNBUURkT0loWW16Q0s1RFNWTHUzYycKd3JpdGVfZmlsZXM6Ci0gcGF0aDogJy9vcHQvYmluL2hlYWx0aC1tb25pdG9yLnNoJwogIHBlcm1pc3Npb25zOiAnMDc1NScKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdmRYTnlMMkpwYmk5bGJuWWdZbUZ6YUFvS0l5QkRiM0I1Y21sbmFIUWdNakF4TmlCVWFHVWdTM1ZpWlhKdVpYUmxjeUJCZFhSb2IzSnpMZ29qQ2lNZ1RHbGpaVzV6WldRZ2RXNWtaWElnZEdobElFRndZV05vWlNCTWFXTmxibk5sTENCV1pYSnphVzl1SURJdU1DQW9kR2hsSUNKTWFXTmxibk5sSWlrN0NpTWdlVzkxSUcxaGVTQnViM1FnZFhObElIUm9hWE1nWm1sc1pTQmxlR05sY0hRZ2FXNGdZMjl0Y0d4cFlXNWpaU0IzYVhSb0lIUm9aU0JNYVdObGJuTmxMZ29qSUZsdmRTQnRZWGtnYjJKMFlXbHVJR0VnWTI5d2VTQnZaaUIwYUdVZ1RHbGpaVzV6WlNCaGRBb2pDaU1nSUNBZ0lHaDBkSEE2THk5M2QzY3VZWEJoWTJobExtOXlaeTlzYVdObGJuTmxjeTlNU1VORlRsTkZMVEl1TUFvakNpTWdWVzVzWlhOeklISmxjWFZwY21Wa0lHSjVJR0Z3Y0d4cFkyRmliR1VnYkdGM0lHOXlJR0ZuY21WbFpDQjBieUJwYmlCM2NtbDBhVzVuTENCemIyWjBkMkZ5WlFvaklHUnBjM1J5YVdKMWRHVmtJSFZ1WkdWeUlIUm9aU0JNYVdObGJuTmxJR2x6SUdScGMzUnlhV0oxZEdWa0lHOXVJR0Z1SUNKQlV5QkpVeUlnUWtGVFNWTXNDaU1nVjBsVVNFOVZWQ0JYUVZKU1FVNVVTVVZUSUU5U0lFTlBUa1JKVkVsUFRsTWdUMFlnUVU1WklFdEpUa1FzSUdWcGRHaGxjaUJsZUhCeVpYTnpJRzl5SUdsdGNHeHBaV1F1Q2lNZ1UyVmxJSFJvWlNCTWFXTmxibk5sSUdadmNpQjBhR1VnYzNCbFkybG1hV01nYkdGdVozVmhaMlVnWjI5MlpYSnVhVzVuSUhCbGNtMXBjM05wYjI1eklHRnVaQW9qSUd4cGJXbDBZWFJwYjI1eklIVnVaR1Z5SUhSb1pTQk1hV05sYm5ObExnb0tJeUJVYUdseklITmpjbWx3ZENCcGN5Qm1iM0lnYldGemRHVnlJR0Z1WkNCdWIyUmxJR2x1YzNSaGJtTmxJR2hsWVd4MGFDQnRiMjVwZEc5eWFXNW5MQ0IzYUdsamFDQnBjd29qSUhCaFkydGxaQ0JwYmlCcmRXSmxMVzFoYm1sbVpYTjBJSFJoY21KaGJHd3VJRWwwSUdseklHVjRaV04xZEdWa0lIUm9jbTkxWjJnZ1lTQnplWE4wWlcxa0lITmxjblpwWTJVS0l5QnBiaUJqYkhWemRHVnlMMmRqWlM5blkya3ZQRzFoYzNSbGNpOXViMlJsUGk1NVlXMXNMaUJVYUdVZ1pXNTJJSFpoY21saFlteGxjeUJqYjIxbElHWnliMjBnWVc0Z1pXNTJDaU1nWm1sc1pTQndjbTkyYVdSbFpDQmllU0IwYUdVZ2MzbHpkR1Z0WkNCelpYSjJhV05sTGdvS0l5QlVhR2x6SUhOamNtbHdkQ0JwY3lCaElITnNhV2RvZEd4NUlHRmthblZ6ZEdWa0lIWmxjbk5wYjI0Z2IyWUtJeUJvZEhSd2N6b3ZMMmRwZEdoMVlpNWpiMjB2YTNWaVpYSnVaWFJsY3k5cmRXSmxjbTVsZEdWekwySnNiMkl2WlRGaE1XRmhNakV4TWpJMFptTmtPV0l5TVRNME1qQmlPREJpTW1GbE5qZ3dOalk1TmpnelpDOWpiSFZ6ZEdWeUwyZGpaUzluWTJrdmFHVmhiSFJvTFcxdmJtbDBiM0l1YzJnS0l5QkJaR3AxYzNSdFpXNTBjeUJoY21VNkNpTWdLaUJMZFdKbGJHVjBJR2hsWVd4MGFDQndiM0owSUdseklERXdNalE0SUc1dmRDQXhNREkxTlFvaklDb2dVbVZ0YjNaaGJDQnZaaUJoYkd3Z1lXeHNJSEpsWm1WeVpXNWpaWE1nZEc4Z2RHaGxJRXRWUWtWZlJVNVdJR1pwYkdVS0NuTmxkQ0F0YnlCdWIzVnVjMlYwQ25ObGRDQXRieUJ3YVhCbFptRnBiQW9LSXlCWFpTQnphVzF3YkhrZ2EybHNiQ0IwYUdVZ2NISnZZMlZ6Y3lCM2FHVnVJSFJvWlhKbElHbHpJR0VnWm1GcGJIVnlaUzRnUVc1dmRHaGxjaUJ6ZVhOMFpXMWtJSE5sY25acFkyVWdkMmxzYkFvaklHRjFkRzl0WVhScFkyRnNiSGtnY21WemRHRnlkQ0IwYUdVZ2NISnZZMlZ6Y3k0S1puVnVZM1JwYjI0Z1kyOXVkR0ZwYm1WeVgzSjFiblJwYldWZmJXOXVhWFJ2Y21sdVp5Z3BJSHNLSUNCc2IyTmhiQ0F0Y2lCdFlYaGZZWFIwWlcxd2RITTlOUW9nSUd4dlkyRnNJR0YwZEdWdGNIUTlNUW9nSUd4dlkyRnNJQzF5SUdOdmJuUmhhVzVsY2w5eWRXNTBhVzFsWDI1aGJXVTlJaVI3UTA5T1ZFRkpUa1ZTWDFKVlRsUkpUVVZmVGtGTlJUb3RaRzlqYTJWeWZTSUtJQ0FqSUZkbElITjBhV3hzSUc1bFpXUWdkRzhnZFhObElDZGtiMk5yWlhJZ2NITW5JSGRvWlc0Z1kyOXVkR0ZwYm1WeUlISjFiblJwYldVZ2FYTWdJbVJ2WTJ0bGNpSXVJRlJvYVhNZ2FYTWdZbVZqWVhWelpRb2dJQ01nWkc5amEyVnljMmhwYlNCcGN5QnpkR2xzYkNCd1lYSjBJRzltSUd0MVltVnNaWFFnZEc5a1lYa3VJRmRvWlc0Z2EzVmlaV3hsZENCcGN5QmtiM2R1TENCamNtbGpkR3dnY0c5a2N3b2dJQ01nZDJsc2JDQmhiSE52SUdaaGFXd3NJR0Z1WkNCa2IyTnJaWElnZDJsc2JDQmlaU0JyYVd4c1pXUXVJRlJvYVhNZ2FYTWdkVzVrWlhOcGNtRmliR1VnWlhOd1pXTnBZV3hzZVNCM2FHVnVDaUFnSXlCa2IyTnJaWElnYkdsMlpTQnlaWE4wYjNKbElHbHpJR1JwYzJGaWJHVmtMZ29nSUd4dlkyRnNJR2hsWVd4MGFHTm9aV05yWDJOdmJXMWhibVE5SW1SdlkydGxjaUJ3Y3lJS0lDQnBaaUJiV3lBaUpIdERUMDVVUVVsT1JWSmZVbFZPVkVsTlJUb3RaRzlqYTJWeWZTSWdJVDBnSW1SdlkydGxjaUlnWFYwN0lIUm9aVzRLSUNBZ0lHaGxZV3gwYUdOb1pXTnJYMk52YlcxaGJtUTlJbU55YVdOMGJDQndiMlJ6SWdvZ0lHWnBDaUFnSXlCRGIyNTBZV2x1WlhJZ2NuVnVkR2x0WlNCemRHRnlkSFZ3SUhSaGEyVnpJSFJwYldVdUlFMWhhMlVnYVc1cGRHbGhiQ0JoZEhSbGJYQjBjeUJpWldadmNtVWdjM1JoY25ScGJtY0tJQ0FqSUd0cGJHeHBibWNnZEdobElHTnZiblJoYVc1bGNpQnlkVzUwYVcxbExnb2dJSFZ1ZEdsc0lIUnBiV1Z2ZFhRZ05qQWdKSHRvWldGc2RHaGphR1ZqYTE5amIyMXRZVzVrZlNBK0lDOWtaWFl2Ym5Wc2JEc2daRzhLSUNBZ0lHbG1JQ2dvWVhSMFpXMXdkQ0E5UFNCdFlYaGZZWFIwWlcxd2RITXBLVHNnZEdobGJnb2dJQ0FnSUNCbFkyaHZJQ0pOWVhnZ1lYUjBaVzF3ZENBa2UyMWhlRjloZEhSbGJYQjBjMzBnY21WaFkyaGxaQ0VnVUhKdlkyVmxaR2x1WnlCMGJ5QnRiMjVwZEc5eUlHTnZiblJoYVc1bGNpQnlkVzUwYVcxbElHaGxZV3gwYUdsdVpYTnpMaUlLSUNBZ0lDQWdZbkpsWVdzS0lDQWdJR1pwQ2lBZ0lDQmxZMmh2SUNJa1lYUjBaVzF3ZENCcGJtbDBhV0ZzSUdGMGRHVnRjSFFnWENJa2UyaGxZV3gwYUdOb1pXTnJYMk52YlcxaGJtUjlYQ0loSUZSeWVXbHVaeUJoWjJGcGJpQnBiaUFrWVhSMFpXMXdkQ0J6WldOdmJtUnpMaTR1SWdvZ0lDQWdjMnhsWlhBZ0lpUW9LRElnS2lvZ1lYUjBaVzF3ZENzcktTa2lDaUFnWkc5dVpRb2dJSGRvYVd4bElIUnlkV1U3SUdSdkNpQWdJQ0JwWmlBaElIUnBiV1Z2ZFhRZ05qQWdKSHRvWldGc2RHaGphR1ZqYTE5amIyMXRZVzVrZlNBK0lDOWtaWFl2Ym5Wc2JEc2dkR2hsYmdvZ0lDQWdJQ0JsWTJodklDSkRiMjUwWVdsdVpYSWdjblZ1ZEdsdFpTQWtlMk52Ym5SaGFXNWxjbDl5ZFc1MGFXMWxYMjVoYldWOUlHWmhhV3hsWkNFaUNpQWdJQ0FnSUdsbUlGdGJJQ0lrWTI5dWRHRnBibVZ5WDNKMWJuUnBiV1ZmYm1GdFpTSWdQVDBnSW1SdlkydGxjaUlnWFYwN0lIUm9aVzRLSUNBZ0lDQWdJQ0FqSUVSMWJYQWdjM1JoWTJzZ2IyWWdaRzlqYTJWeUlHUmhaVzF2YmlCbWIzSWdhVzUyWlhOMGFXZGhkR2x2Ymk0S0lDQWdJQ0FnSUNBaklFeHZaeUJtYVd4bElHNWhiV1VnYkc5dmEzTWdiR2xyWlNCbmIzSnZkWFJwYm1VdGMzUmhZMnR6TFZSSlRVVlRWRUZOVUNCaGJtUWdkMmxzYkNCaVpTQnpZWFpsWkNCMGJ3b2dJQ0FnSUNBZ0lDTWdkR2hsSUdWNFpXTWdjbTl2ZENCa2FYSmxZM1J2Y25rc0lIZG9hV05vSUdseklDOTJZWEl2Y25WdUwyUnZZMnRsY2k4Z2IyNGdWV0oxYm5SMUlHRnVaQ0JEVDFNdUNpQWdJQ0FnSUNBZ2NHdHBiR3dnTFZOSlIxVlRVakVnWkc5amEyVnlaQW9nSUNBZ0lDQm1hUW9nSUNBZ0lDQnplWE4wWlcxamRHd2dhMmxzYkNBdExXdHBiR3d0ZDJodlBXMWhhVzRnSWlSN1kyOXVkR0ZwYm1WeVgzSjFiblJwYldWZmJtRnRaWDBpQ2lBZ0lDQWdJQ01nVjJGcGRDQm1iM0lnWVNCM2FHbHNaU3dnWVhNZ2QyVWdaRzl1SjNRZ2QyRnVkQ0IwYnlCcmFXeHNJR2wwSUdGbllXbHVJR0psWm05eVpTQnBkQ0JwY3lCeVpXRnNiSGtnZFhBdUNpQWdJQ0FnSUhOc1pXVndJREV5TUFvZ0lDQWdaV3h6WlFvZ0lDQWdJQ0J6YkdWbGNDQWlKSHRUVEVWRlVGOVRSVU5QVGtSVGZTSUtJQ0FnSUdacENpQWdaRzl1WlFwOUNncG1kVzVqZEdsdmJpQnJkV0psYkdWMFgyMXZibWwwYjNKcGJtY29LU0I3Q2lBZ1pXTm9ieUFpVjJGcGRDQm1iM0lnTWlCdGFXNTFkR1Z6SUdadmNpQnJkV0psYkdWMElIUnZJR0psSUdaMWJtTjBhVzl1WVd3aUNpQWdjMnhsWlhBZ01USXdDaUFnYkc5allXd2dMWElnYldGNFgzTmxZMjl1WkhNOU1UQUtJQ0JzYjJOaGJDQnZkWFJ3ZFhROUlpSUtJQ0IzYUdsc1pTQjBjblZsT3lCa2J3b2dJQ0FnYkc5allXd2dabUZwYkdWa1BXWmhiSE5sQ2dvZ0lDQWdhV1lnYW05MWNtNWhiR04wYkNBdGRTQnJkV0psYkdWMElDMXVJREVnZkNCbmNtVndJQzF4SUNKMWMyVWdiMllnWTJ4dmMyVmtJRzVsZEhkdmNtc2dZMjl1Ym1WamRHbHZiaUk3SUhSb1pXNEtJQ0FnSUNBZ1ptRnBiR1ZrUFhSeWRXVUtJQ0FnSUNBZ1pXTm9ieUFpUzNWaVpXeGxkQ0J6ZEc5d2NHVmtJSEJ2YzNScGJtY2dibTlrWlNCemRHRjBkWE11SUZKbGMzUmhjblJwYm1jaUNpQWdJQ0JsYkdsbUlDRWdiM1YwY0hWMFBTUW9ZM1Z5YkNBdGJTQWlKSHR0WVhoZmMyVmpiMjVrYzMwaUlDMW1JQzF6SUMxVElHaDBkSEE2THk4eE1qY3VNQzR3TGpFNk1UQXlORGd2YUdWaGJIUm9laUF5UGlZeEtUc2dkR2hsYmdvZ0lDQWdJQ0JtWVdsc1pXUTlkSEoxWlFvZ0lDQWdJQ0FqSUZCeWFXNTBJSFJvWlNCeVpYTndiMjV6WlNCaGJtUXZiM0lnWlhKeWIzSnpMZ29nSUNBZ0lDQmxZMmh2SUNJa2IzVjBjSFYwSWdvZ0lDQWdabWtLQ2lBZ0lDQnBaaUJiV3lBaUpHWmhhV3hsWkNJZ1BUMGdJblJ5ZFdVaUlGMWRPeUIwYUdWdUNpQWdJQ0FnSUdWamFHOGdJa3QxWW1Wc1pYUWdhWE1nZFc1b1pXRnNkR2g1SVNJS0lDQWdJQ0FnYzNsemRHVnRZM1JzSUd0cGJHd2dhM1ZpWld4bGRBb2dJQ0FnSUNBaklGZGhhWFFnWm05eUlHRWdkMmhwYkdVc0lHRnpJSGRsSUdSdmJpZDBJSGRoYm5RZ2RHOGdhMmxzYkNCcGRDQmhaMkZwYmlCaVpXWnZjbVVnYVhRZ2FYTWdjbVZoYkd4NUlIVndMZ29nSUNBZ0lDQnpiR1ZsY0NBMk1Bb2dJQ0FnWld4elpRb2dJQ0FnSUNCemJHVmxjQ0FpSkh0VFRFVkZVRjlUUlVOUFRrUlRmU0lLSUNBZ0lHWnBDaUFnWkc5dVpRcDlDZ29qSXlNakl5TWpJeU1qSXlNakl5Qk5ZV2x1SUVaMWJtTjBhVzl1SUNNakl5TWpJeU1qSXlNakl5TWpJeU1LYVdZZ1cxc2dJaVFqSWlBdGJtVWdNU0JkWFRzZ2RHaGxiZ29nSUdWamFHOGdJbFZ6WVdkbE9pQm9aV0ZzZEdndGJXOXVhWFJ2Y2k1emFDQThZMjl1ZEdGcGJtVnlMWEoxYm5ScGJXVXZhM1ZpWld4bGRENGlDaUFnWlhocGRDQXhDbVpwQ2dwVFRFVkZVRjlUUlVOUFRrUlRQVEV3Q21OdmJYQnZibVZ1ZEQwa01RcGxZMmh2SUNKVGRHRnlkQ0JyZFdKbGNtNWxkR1Z6SUdobFlXeDBhQ0J0YjI1cGRHOXlhVzVuSUdadmNpQWtlMk52YlhCdmJtVnVkSDBpQ21sbUlGdGJJQ0lrZTJOdmJYQnZibVZ1ZEgwaUlEMDlJQ0pqYjI1MFlXbHVaWEl0Y25WdWRHbHRaU0lnWFYwN0lIUm9aVzRLSUNCamIyNTBZV2x1WlhKZmNuVnVkR2x0WlY5dGIyNXBkRzl5YVc1bkNtVnNhV1lnVzFzZ0lpUjdZMjl0Y0c5dVpXNTBmU0lnUFQwZ0ltdDFZbVZzWlhRaUlGMWRPeUIwYUdWdUNpQWdhM1ZpWld4bGRGOXRiMjVwZEc5eWFXNW5DbVZzYzJVS0lDQmxZMmh2SUNKSVpXRnNkR2dnYlc5dWFYUnZjbWx1WnlCbWIzSWdZMjl0Y0c5dVpXNTBJQ1I3WTI5dGNHOXVaVzUwZlNCcGN5QnViM1FnYzNWd2NHOXlkR1ZrSVNJS1pta0sKCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9qb3VybmFsZC5jb25mLmQvbWF4X2Rpc2tfdXNlLmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMHB2ZFhKdVlXeGRDbE41YzNSbGJVMWhlRlZ6WlQwMVJ3bz0KCi0gcGF0aDogJy9vcHQvbG9hZC1rZXJuZWwtbW9kdWxlcy5zaCcKICBwZXJtaXNzaW9uczogJzA3NTUnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIEl5RXZkWE55TDJKcGJpOWxibllnWW1GemFBcHpaWFFnTFdWMWJ5QndhWEJsWm1GcGJBb0tiVzlrY0hKdlltVWdhWEJmZG5NS2JXOWtjSEp2WW1VZ2FYQmZkbk5mY25JS2JXOWtjSEp2WW1VZ2FYQmZkbk5mZDNKeUNtMXZaSEJ5YjJKbElHbHdYM1p6WDNOb0NncHBaaUJ0YjJScGJtWnZJRzVtWDJOdmJtNTBjbUZqYTE5cGNIWTBJQ1krSUM5a1pYWXZiblZzYkRzZ2RHaGxiZ29nSUcxdlpIQnliMkpsSUc1bVgyTnZibTUwY21GamExOXBjSFkwQ21Wc2MyVUtJQ0J0YjJSd2NtOWlaU0J1Wmw5amIyNXVkSEpoWTJzS1pta0sKCi0gcGF0aDogJy9ldGMvc3lzY3RsLmQvazhzLmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBibVYwTG1KeWFXUm5aUzVpY21sa1oyVXRibVl0WTJGc2JDMXBjRFowWVdKc1pYTWdQU0F4Q201bGRDNWljbWxrWjJVdVluSnBaR2RsTFc1bUxXTmhiR3d0YVhCMFlXSnNaWE1nUFNBeENtdGxjbTVsYkM1d1lXNXBZMTl2Ymw5dmIzQnpJRDBnTVFwclpYSnVaV3d1Y0dGdWFXTWdQU0F4TUFwdVpYUXVhWEIyTkM1cGNGOW1iM0ozWVhKa0lEMGdNUXAyYlM1dmRtVnlZMjl0YldsMFgyMWxiVzl5ZVNBOUlERUtabk11YVc1dmRHbG1lUzV0WVhoZmRYTmxjbDkzWVhSamFHVnpJRDBnTVRBME9EVTNOZ3BtY3k1cGJtOTBhV1o1TG0xaGVGOTFjMlZ5WDJsdWMzUmhibU5sY3lBOUlEZ3hPVElLCgotIHBhdGg6ICcvZXRjL2RlZmF1bHQvZ3J1Yi5kLzYwLXN3YXAtYWNjb3VudGluZy5jZmcnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUJCWkdSbFpDQmllU0JyZFdKbGNtMWhkR2xqSUcxaFkyaHBibVV0WTI5dWRISnZiR3hsY2dvaklFVnVZV0pzWlNCalozSnZkWEJ6SUcxbGJXOXllU0JoYm1RZ2MzZGhjQ0JoWTJOdmRXNTBhVzVuQ2tkU1ZVSmZRMDFFVEVsT1JWOU1TVTVWV0QwaVkyZHliM1Z3WDJWdVlXSnNaVDF0WlcxdmNua2djM2RoY0dGalkyOTFiblE5TVNJSwoKLSBwYXRoOiAnL29wdC9iaW4vc2V0dXAnCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2WW1sdUwySmhjMmdLYzJWMElDMTRaWFZ2SUhCcGNHVm1ZV2xzQ21sbUlITjVjM1JsYldOMGJDQnBjeTFoWTNScGRtVWdkV1ozT3lCMGFHVnVJSE41YzNSbGJXTjBiQ0J6ZEc5d0lIVm1kenNnWm1rS2MzbHpkR1Z0WTNSc0lHMWhjMnNnZFdaM0NuTjVjM1JsYldOMGJDQnlaWE4wWVhKMElITjVjM1JsYldRdGJXOWtkV3hsY3kxc2IyRmtMbk5sY25acFkyVUtjM2x6WTNSc0lDMHRjM2x6ZEdWdENncGhjSFF0WjJWMElIVndaR0YwWlFvS1JFVkNTVUZPWDBaU1QwNVVSVTVFUFc1dmJtbHVkR1Z5WVdOMGFYWmxJR0Z3ZEMxblpYUWdMVzhnUkhCclp6bzZUM0IwYVc5dWN6bzZQU0l0TFdadmNtTmxMV052Ym1aa1pXWWlJQzF2SUVSd2EyYzZPazl3ZEdsdmJuTTZPajBpTFMxbWIzSmpaUzFqYjI1bWIyeGtJaUJwYm5OMFlXeHNJQzE1SUZ3S0lDQmpkWEpzSUZ3S0lDQmpZUzFqWlhKMGFXWnBZMkYwWlhNZ1hBb2dJR05sY0dndFkyOXRiVzl1SUZ3S0lDQmphV1p6TFhWMGFXeHpJRndLSUNCamIyNXVkSEpoWTJzZ1hBb2dJR1V5Wm5Od2NtOW5jeUJjQ2lBZ1pXSjBZV0pzWlhNZ1hBb2dJR1YwYUhSdmIyd2dYQW9nSUdkc2RYTjBaWEptY3kxamJHbGxiblFnWEFvZ0lHbHdkR0ZpYkdWeklGd0tJQ0JxY1NCY0NpQWdhMjF2WkNCY0NpQWdiM0JsYm5OemFDMWpiR2xsYm5RZ1hBb2dJRzVtY3kxamIyMXRiMjRnWEFvZ0lITnZZMkYwSUZ3S0lDQjFkR2xzTFd4cGJuVjRJRndLSUNCcGNIWnpZV1J0Q21Gd2RDMW5aWFFnZFhCa1lYUmxDbUZ3ZEMxblpYUWdhVzV6ZEdGc2JDQXRlU0JoY0hRdGRISmhibk53YjNKMExXaDBkSEJ6SUdOaExXTmxjblJwWm1sallYUmxjeUJqZFhKc0lITnZablIzWVhKbExYQnliM0JsY25ScFpYTXRZMjl0Ylc5dUlHeHpZaTF5Wld4bFlYTmxDbU4xY213Z0xXWnpVMHdnYUhSMGNITTZMeTlrYjNkdWJHOWhaQzVrYjJOclpYSXVZMjl0TDJ4cGJuVjRMM1ZpZFc1MGRTOW5jR2NnZkNCaGNIUXRhMlY1SUdGa1pDQXRDbUZrWkMxaGNIUXRjbVZ3YjNOcGRHOXllU0FpWkdWaUlHaDBkSEJ6T2k4dlpHOTNibXh2WVdRdVpHOWphMlZ5TG1OdmJTOXNhVzUxZUM5MVluVnVkSFVnSkNoc2MySmZjbVZzWldGelpTQXRZM01wSUhOMFlXSnNaU0lLQ21Gd2RDMW5aWFFnYVc1emRHRnNiQ0F0TFdGc2JHOTNMV1J2ZDI1bmNtRmtaWE1nTFhrZ1hBb2dJQ0FnWTI5dWRHRnBibVZ5WkM1cGJ6MHhMalVxSUZ3S0lDQWdJR1J2WTJ0bGNpMWpaUzFqYkdrOU5Ub3hPUzR3TXlvZ1hBb2dJQ0FnWkc5amEyVnlMV05sUFRVNk1Ua3VNRE1xQ21Gd2RDMXRZWEpySUdodmJHUWdaRzlqYTJWeUxXTmxLaUJqYjI1MFlXbHVaWEprTG1sdkNncHplWE4wWlcxamRHd2daR0ZsYlc5dUxYSmxiRzloWkFwemVYTjBaVzFqZEd3Z1pXNWhZbXhsSUMwdGJtOTNJR1J2WTJ0bGNnb0tiM0IwWDJKcGJqMHZiM0IwTDJKcGJncDFjM0pmYkc5allXeGZZbWx1UFM5MWMzSXZiRzlqWVd3dlltbHVDbU51YVY5aWFXNWZaR2x5UFM5dmNIUXZZMjVwTDJKcGJncHRhMlJwY2lBdGNDQXZaWFJqTDJOdWFTOXVaWFF1WkNBdlpYUmpMMnQxWW1WeWJtVjBaWE12YldGdWFXWmxjM1J6SUNJa2IzQjBYMkpwYmlJZ0lpUmpibWxmWW1sdVgyUnBjaUlLYld0a2FYSWdMWEFnTDJWMFl5OXJkV0psY201bGRHVnpMMlI1Ym1GdGFXTXRZMjl1Wm1sbkxXUnBjZ3BoY21Ob1BTUjdTRTlUVkY5QlVrTklMWDBLYVdZZ1d5QXRlaUFpSkdGeVkyZ2lJRjBLZEdobGJncGpZWE5sSUNRb2RXNWhiV1VnTFcwcElHbHVDbmc0Tmw4Mk5Da0tJQ0FnSUdGeVkyZzlJbUZ0WkRZMElnb2dJQ0FnT3pzS1lXRnlZMmcyTkNrS0lDQWdJR0Z5WTJnOUltRnliVFkwSWdvZ0lDQWdPenNLS2lrS0lDQWdJR1ZqYUc4Z0luVnVjM1Z3Y0c5eWRHVmtJRU5RVlNCaGNtTm9hWFJsWTNSMWNtVXNJR1Y0YVhScGJtY2lDaUFnSUNCbGVHbDBJREVLSUNBZ0lEczdDbVZ6WVdNS1pta0tRMDVKWDFaRlVsTkpUMDQ5SWlSN1EwNUpYMVpGVWxOSlQwNDZMWFl3TGpndU4zMGlDbU51YVY5aVlYTmxYM1Z5YkQwaWFIUjBjSE02THk5bmFYUm9kV0l1WTI5dEwyTnZiblJoYVc1bGNtNWxkSGR2Y210cGJtY3ZjR3gxWjJsdWN5OXlaV3hsWVhObGN5OWtiM2R1Ykc5aFpDOGtRMDVKWDFaRlVsTkpUMDRpQ21OdWFWOW1hV3hsYm1GdFpUMGlZMjVwTFhCc2RXZHBibk10YkdsdWRYZ3RKR0Z5WTJndEpFTk9TVjlXUlZKVFNVOU9MblJuZWlJS1kzVnliQ0F0VEdadklDSWtZMjVwWDJKcGJsOWthWEl2SkdOdWFWOW1hV3hsYm1GdFpTSWdJaVJqYm1sZlltRnpaVjkxY213dkpHTnVhVjltYVd4bGJtRnRaU0lLWTI1cFgzTjFiVDBrS0dOMWNtd2dMVXhtSUNJa1kyNXBYMkpoYzJWZmRYSnNMeVJqYm1sZlptbHNaVzVoYldVdWMyaGhNalUySWlrS1kyUWdJaVJqYm1sZlltbHVYMlJwY2lJS2MyaGhNalUyYzNWdElDMWpJRHc4UENJa1kyNXBYM04xYlNJS2RHRnlJSGgyWmlBaUpHTnVhVjltYVd4bGJtRnRaU0lLY20wZ0xXWWdJaVJqYm1sZlptbHNaVzVoYldVaUNtTmtJQzBLUTFKSlgxUlBUMHhUWDFKRlRFVkJVMFU5SWlSN1ExSkpYMVJQVDB4VFgxSkZURVZCVTBVNkxYWXhMakl5TGpCOUlncGpjbWxmZEc5dmJITmZZbUZ6WlY5MWNtdzlJbWgwZEhCek9pOHZaMmwwYUhWaUxtTnZiUzlyZFdKbGNtNWxkR1Z6TFhOcFozTXZZM0pwTFhSdmIyeHpMM0psYkdWaGMyVnpMMlJ2ZDI1c2IyRmtMeVI3UTFKSlgxUlBUMHhUWDFKRlRFVkJVMFY5SWdwamNtbGZkRzl2YkhOZlptbHNaVzVoYldVOUltTnlhV04wYkMwa2UwTlNTVjlVVDA5TVUxOVNSVXhGUVZORmZTMXNhVzUxZUMwa2UyRnlZMmg5TG5SaGNpNW5laUlLWTNWeWJDQXRUR1p2SUNJa2IzQjBYMkpwYmk4a1kzSnBYM1J2YjJ4elgyWnBiR1Z1WVcxbElpQWlKR055YVY5MGIyOXNjMTlpWVhObFgzVnliQzhrWTNKcFgzUnZiMnh6WDJacGJHVnVZVzFsSWdwamNtbGZkRzl2YkhOZmMzVnRQU1FvWTNWeWJDQXRUR1lnSWlSamNtbGZkRzl2YkhOZlltRnpaVjkxY213dkpHTnlhVjkwYjI5c2MxOW1hV3hsYm1GdFpTNXphR0V5TlRZaUlId2djMlZrSUNkekwxd3FYQzh2THljcENtTmtJQ0lrYjNCMFgySnBiaUlLYzJoaE1qVTJjM1Z0SUMxaklEdzhQQ0lrWTNKcFgzUnZiMnh6WDNOMWJTSUtkR0Z5SUhoMlppQWlKR055YVY5MGIyOXNjMTltYVd4bGJtRnRaU0lLY20wZ0xXWWdJaVJqY21sZmRHOXZiSE5mWm1sc1pXNWhiV1VpQ214dUlDMXpaaUFpSkc5d2RGOWlhVzR2WTNKcFkzUnNJaUFpSkhWemNsOXNiMk5oYkY5aWFXNGlMMk55YVdOMGJDQjhmQ0JsWTJodklDSnplVzFpYjJ4cFl5QnNhVzVySUdseklITnJhWEJ3WldRaUNtTmtJQzBLUzFWQ1JWOVdSVkpUU1U5T1BTSWtlMHRWUWtWZlZrVlNVMGxQVGpvdGRqRXVNakl1TW4waUNtdDFZbVZmWkdseVBTSWtiM0IwWDJKcGJpOXJkV0psY201bGRHVnpMU1JMVlVKRlgxWkZVbE5KVDA0aUNtdDFZbVZmWW1GelpWOTFjbXc5SW1oMGRIQnpPaTh2YzNSdmNtRm5aUzVuYjI5bmJHVmhjR2x6TG1OdmJTOXJkV0psY201bGRHVnpMWEpsYkdWaGMyVXZjbVZzWldGelpTOGtTMVZDUlY5V1JWSlRTVTlPTDJKcGJpOXNhVzUxZUM4a1lYSmphQ0lLYTNWaVpWOXpkVzFmWm1sc1pUMGlKR3QxWW1WZlpHbHlMM05vWVRJMU5pSUtiV3RrYVhJZ0xYQWdJaVJyZFdKbFgyUnBjaUlLT2lBK0lpUnJkV0psWDNOMWJWOW1hV3hsSWdvS1ptOXlJR0pwYmlCcGJpQnJkV0psYkdWMElHdDFZbVZoWkcwZ2EzVmlaV04wYkRzZ1pHOEtJQ0FnSUdOMWNtd2dMVXhtYnlBaUpHdDFZbVZmWkdseUx5UmlhVzRpSUNJa2EzVmlaVjlpWVhObFgzVnliQzhrWW1sdUlnb2dJQ0FnWTJodGIyUWdLM2dnSWlScmRXSmxYMlJwY2k4a1ltbHVJZ29nSUNBZ2MzVnRQU1FvWTNWeWJDQXRUR1lnSWlScmRXSmxYMkpoYzJWZmRYSnNMeVJpYVc0dWMyaGhNalUySWlrS0lDQWdJR1ZqYUc4Z0lpUnpkVzBnSUNScmRXSmxYMlJwY2k4a1ltbHVJaUErUGlJa2EzVmlaVjl6ZFcxZlptbHNaU0lLWkc5dVpRcHphR0V5TlRaemRXMGdMV01nSWlScmRXSmxYM04xYlY5bWFXeGxJZ29LWm05eUlHSnBiaUJwYmlCcmRXSmxiR1YwSUd0MVltVmhaRzBnYTNWaVpXTjBiRHNnWkc4S0lDQWdJR3h1SUMxelppQWlKR3QxWW1WZlpHbHlMeVJpYVc0aUlDSWtiM0IwWDJKcGJpSXZKR0pwYmdwa2IyNWxDZ29qSUhObGRDQnJkV0psYkdWMElHNXZaR1ZwY0NCbGJuWnBjbTl1YldWdWRDQjJZWEpwWVdKc1pRb3ZiM0IwTDJKcGJpOXpaWFIxY0Y5dVpYUmZaVzUyTG5Ob0NncHplWE4wWlcxamRHd2daVzVoWW14bElDMHRibTkzSUd0MVltVnNaWFFLYzNsemRHVnRZM1JzSUdWdVlXSnNaU0F0TFc1dmR5QXRMVzV2TFdKc2IyTnJJR3QxWW1Wc1pYUXRhR1ZoYkhSb1kyaGxZMnN1YzJWeWRtbGpaUW89CgotIHBhdGg6ICcvb3B0L2Jpbi9zdXBlcnZpc2Uuc2gnCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2WW1sdUwySmhjMmdLYzJWMElDMTRaWFZ2SUhCcGNHVm1ZV2xzQ25kb2FXeGxJQ0VnSWlSQUlqc2daRzhLSUNCemJHVmxjQ0F4Q21SdmJtVUsKCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9zeXN0ZW0va3ViZWxldC5zZXJ2aWNlJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgVzFWdWFYUmRDa0ZtZEdWeVBXUnZZMnRsY2k1elpYSjJhV05sQ2xKbGNYVnBjbVZ6UFdSdlkydGxjaTV6WlhKMmFXTmxDZ3BFWlhOamNtbHdkR2x2YmoxcmRXSmxiR1YwT2lCVWFHVWdTM1ZpWlhKdVpYUmxjeUJPYjJSbElFRm5aVzUwQ2tSdlkzVnRaVzUwWVhScGIyNDlhSFIwY0hNNkx5OXJkV0psY201bGRHVnpMbWx2TDJSdlkzTXZhRzl0WlM4S0NsdFRaWEoyYVdObFhRcFZjMlZ5UFhKdmIzUUtVbVZ6ZEdGeWREMWhiSGRoZVhNS1UzUmhjblJNYVcxcGRFbHVkR1Z5ZG1Gc1BUQUtVbVZ6ZEdGeWRGTmxZejB4TUFwRFVGVkJZMk52ZFc1MGFXNW5QWFJ5ZFdVS1RXVnRiM0o1UVdOamIzVnVkR2x1WnoxMGNuVmxDZ3BGYm5acGNtOXViV1Z1ZEQwaVVFRlVTRDB2YjNCMEwySnBiam92WW1sdU9pOTFjM0l2Ykc5allXd3ZjMkpwYmpvdmRYTnlMMnh2WTJGc0wySnBiam92ZFhOeUwzTmlhVzQ2TDNWemNpOWlhVzQ2TDNOaWFXNHZJZ3BGYm5acGNtOXViV1Z1ZEVacGJHVTlMUzlsZEdNdlpXNTJhWEp2Ym0xbGJuUUtDa1Y0WldOVGRHRnlkRkJ5WlQwdlltbHVMMkpoYzJnZ0wyOXdkQzlrYVhOaFlteGxMWE4zWVhBdWMyZ0tSWGhsWTFOMFlYSjBVSEpsUFM5aWFXNHZZbUZ6YUNBdmIzQjBMMnh2WVdRdGEyVnlibVZzTFcxdlpIVnNaWE11YzJnS1JYaGxZMU4wWVhKMFVISmxQUzlpYVc0dlltRnphQ0F2YjNCMEwySnBiaTl6WlhSMWNGOXVaWFJmWlc1MkxuTm9Da1Y0WldOVGRHRnlkRDB2YjNCMEwySnBiaTlyZFdKbGJHVjBJQ1JMVlVKRlRFVlVYMFZZVkZKQlgwRlNSMU1nWEFvZ0lDMHRZbTl2ZEhOMGNtRndMV3QxWW1WamIyNW1hV2M5TDJWMFl5OXJkV0psY201bGRHVnpMMkp2YjNSemRISmhjQzFyZFdKbGJHVjBMbU52Ym1ZZ1hBb2dJQzB0YTNWaVpXTnZibVpwWnowdmRtRnlMMnhwWWk5cmRXSmxiR1YwTDJ0MVltVmpiMjVtYVdjZ1hBb2dJQzB0WTI5dVptbG5QUzlsZEdNdmEzVmlaWEp1WlhSbGN5OXJkV0psYkdWMExtTnZibVlnWEFvZ0lDMHRibVYwZDI5eWF5MXdiSFZuYVc0OVkyNXBJRndLSUNBdExXTmxjblF0WkdseVBTOWxkR012YTNWaVpYSnVaWFJsY3k5d2Eya2dYQW9nSUMwdFkyeHZkV1F0Y0hKdmRtbGtaWEk5WVhkeklGd0tJQ0F0TFdOc2IzVmtMV052Ym1acFp6MHZaWFJqTDJ0MVltVnlibVYwWlhNdlkyeHZkV1F0WTI5dVptbG5JRndLSUNBdExXUjVibUZ0YVdNdFkyOXVabWxuTFdScGNqMHZaWFJqTDJ0MVltVnlibVYwWlhNdlpIbHVZVzFwWXkxamIyNW1hV2N0WkdseUlGd0tJQ0F0TFdabFlYUjFjbVV0WjJGMFpYTTlSSGx1WVcxcFkwdDFZbVZzWlhSRGIyNW1hV2M5ZEhKMVpTQmNDaUFnTFMxbGVHbDBMVzl1TFd4dlkyc3RZMjl1ZEdWdWRHbHZiaUJjQ2lBZ0xTMXNiMk5yTFdacGJHVTlMM1J0Y0M5cmRXSmxiR1YwTG14dlkyc2dYQW9nSUMwdFkyOXVkR0ZwYm1WeUxYSjFiblJwYldVOVpHOWphMlZ5SUZ3S0lDQXRMV052Ym5SaGFXNWxjaTF5ZFc1MGFXMWxMV1Z1WkhCdmFXNTBQWFZ1YVhnNkx5OHZkbUZ5TDNKMWJpOWtiMk5yWlhKemFHbHRMbk52WTJzZ1hBb2dJQzB0Ym05a1pTMXBjQ0FrZTB0VlFrVk1SVlJmVGs5RVJWOUpVSDBLQ2x0SmJuTjBZV3hzWFFwWFlXNTBaV1JDZVQxdGRXeDBhUzExYzJWeUxuUmhjbWRsZEFvPQoKLSBwYXRoOiAnL2V0Yy9zeXN0ZW1kL3N5c3RlbS9rdWJlbGV0LnNlcnZpY2UuZC9leHRyYXMuY29uZicKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIFcxTmxjblpwWTJWZENrVnVkbWx5YjI1dFpXNTBQU0pMVlVKRlRFVlVYMFZZVkZKQlgwRlNSMU05TFMxeVpYTnZiSFl0WTI5dVpqMHZjblZ1TDNONWMzUmxiV1F2Y21WemIyeDJaUzl5WlhOdmJIWXVZMjl1WmlJSwoKLSBwYXRoOiAnL2V0Yy9rdWJlcm5ldGVzL2Nsb3VkLWNvbmZpZycKICBwZXJtaXNzaW9uczogJzA2MDAnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIFcyZHNiMkpoYkYwS1dtOXVaVDBpWlhVdFkyVnVkSEpoYkMweFlpSUtWbEJEUFNKbExURXlNMllpQ2xOMVltNWxkRWxFUFNKMFpYTjBMWE4xWW01bGRDSUtDZz09CgotIHBhdGg6ICcvb3B0L2Jpbi9zZXR1cF9uZXRfZW52LnNoJwogIHBlcm1pc3Npb25zOiAnMDc1NScKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgSXlFdmRYTnlMMkpwYmk5bGJuWWdZbUZ6YUFwbFkyaHZaR0YwWlNncElIc0tJQ0JsWTJodklDSmJKQ2hrWVhSbElDMUpjeWxkSWlBaUpFQWlDbjBLQ2lNZ1oyVjBJSFJvWlNCa1pXWmhkV3gwSUdsdWRHVnlabUZqWlNCSlVDQmhaR1J5WlhOekNrUkZSa0ZWVEZSZlNVWkRYMGxRUFNRb2FYQWdMVzhnSUhKdmRYUmxJR2RsZENBeElId2daM0psY0NBdGIxQWdJbk55WXlCY1MxeFRLeUlwQ2dwcFppQmJJQzE2SUNJa2UwUkZSa0ZWVEZSZlNVWkRYMGxRZlNJZ1hRcDBhR1Z1Q2lBZ1pXTm9iMlJoZEdVZ0lrWmhhV3hsWkNCMGJ5Qm5aWFFnU1ZBZ1lXUmtjbVZ6Y3lCbWIzSWdkR2hsSUdSbFptRjFiSFFnY205MWRHVWdhVzUwWlhKbVlXTmxJZ29nSUdWNGFYUWdNUXBtYVFvS0NpTWdaMlYwSUhSb1pTQm1kV3hzSUdodmMzUnVZVzFsQ2taVlRFeGZTRTlUVkU1QlRVVTlKQ2hvYjNOMGJtRnRaU0F0WmlrS0l5QnBaaUF2WlhSakwyaHZjM1J1WVcxbElHbHpJRzV2ZENCbGJYQjBlU0IwYUdWdUlIVnpaU0IwYUdVZ2FHOXpkRzVoYldVZ1puSnZiU0IwYUdWeVpRcHBaaUJiSUMxeklDOWxkR012YUc5emRHNWhiV1VnWFRzZ2RHaGxiZ29nSUVaVlRFeGZTRTlUVkU1QlRVVTlKQ2hqWVhRZ0wyVjBZeTlvYjNOMGJtRnRaU2tLWm1rS0NpTWdkM0pwZEdVZ2RHaGxJRzV2WkdWcGNGOWxibllnWm1sc1pRb2pJSGRsSUc1bFpXUWdkR2hsSUd4cGJtVWdZbVZzYjNjZ1ltVmpZWFZ6WlNCbWJHRjBZMkZ5SUdoaGN5QjBhR1VnYzJGdFpTQnpkSEpwYm1jZ0ltTnZjbVZ2Y3lJZ2FXNGdkR2hoZENCbWFXeGxDbWxtSUdkeVpYQWdMWEVnWTI5eVpXOXpJQzlsZEdNdmIzTXRjbVZzWldGelpRcDBhR1Z1Q2lBZ1pXTm9ieUFpUzFWQ1JVeEZWRjlPVDBSRlgwbFFQU1I3UkVWR1FWVk1WRjlKUmtOZlNWQjlYRzVMVlVKRlRFVlVYMGhQVTFST1FVMUZQU1I3UmxWTVRGOUlUMU5VVGtGTlJYMGlJRDRnTDJWMFl5OXJkV0psY201bGRHVnpMMjV2WkdWcGNDNWpiMjVtQ21Wc2FXWWdXeUFoSUMxa0lDOWxkR012YzNsemRHVnRaQzl6ZVhOMFpXMHZhM1ZpWld4bGRDNXpaWEoyYVdObExtUWdYUXAwYUdWdUNpQWdaV05vYjJSaGRHVWdJa05oYmlkMElHWnBibVFnYTNWaVpXeGxkQ0J6WlhKMmFXTmxJR1Y0ZEhKaGN5QmthWEpsWTNSdmNua2lDaUFnWlhocGRDQXhDbVZzYzJVS0lDQmxZMmh2SUMxbElDSmJVMlZ5ZG1salpWMWNia1Z1ZG1seWIyNXRaVzUwUFZ3aVMxVkNSVXhGVkY5T1QwUkZYMGxRUFNSN1JFVkdRVlZNVkY5SlJrTmZTVkI5WENKY2JrVnVkbWx5YjI1dFpXNTBQVndpUzFWQ1JVeEZWRjlJVDFOVVRrRk5SVDBrZTBaVlRFeGZTRTlUVkU1QlRVVjlYQ0lpSUQ0Z0wyVjBZeTl6ZVhOMFpXMWtMM041YzNSbGJTOXJkV0psYkdWMExuTmxjblpwWTJVdVpDOXViMlJsYVhBdVkyOXVaZ3BtYVFvPQoKLSBwYXRoOiAnL2V0Yy9rdWJlcm5ldGVzL3BraS9jYS5jcnQnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VWWGFrTkRRVEJMWjBGM1NVSkJaMGxLUVV4bVVteFhjMGs0V1ZGSVRVRXdSME5UY1VkVFNXSXpSRkZGUWtKUlZVRk5TSE40UTNwQlNrSm5UbFlLUWtGWlZFRnNWbFJOVVhOM1ExRlpSRlpSVVVsRmQwcEVVVlJGVjAxQ1VVZEJNVlZGUW5oTlRsVXlSblZKUlZwNVdWYzFhbUZZVG1waWVrVlZUVUpKUndwQk1WVkZRMmhOVEZGdVNtaGFSMXB3WkVod2NHSnRUWGhGYWtGUlFtZE9Wa0pCVFZSRFYzaDJXVEpHYzJGSE9YcGtSRVZrVFVKelIwTlRjVWRUU1dJekNrUlJSVXBCVWxsUFdXNUthRnBGUW10WlZ6VnVXVk0xYW1JeU1IZElhR05PVFZSUmQwNTZSVEZOYWtFd1RtcEJNVmRvWTA1TlZHTjNUbFJCTUUxcVFUQUtUbXBCTVZkcVFqZE5VWE4zUTFGWlJGWlJVVWRGZDBwV1ZYcEZURTFCYTBkQk1WVkZRMEpOUTFFd1JYaEdha0ZWUW1kT1ZrSkJZMVJFVms1b1ltbENSd3BqYlVaMVdUSnNlbGt5T0hoR1JFRlRRbWRPVmtKQmIxUkRNRXA1V1ZkU2JXRllValpoVnpWcVRWSkpkMFZCV1VSV1VWRkVSWGRzYzJJeVRtaGlSMmgyQ21NelVYaElWRUZpUW1kcmNXaHJhVWM1ZHpCQ1ExRkZWMFJ0U25sWlYxSkJXa2RHZFZveVJYVlpNamwwVFVsSlFrbHFRVTVDWjJ0eGFHdHBSemwzTUVJS1FWRkZSa0ZCVDBOQlVUaEJUVWxKUWtOblMwTkJVVVZCZERWbVFXcHdOR1pVWTJWclYxVlVabnB6Y0RCcmVXbG9NVTlaWW5OSFREQkxXREZsVW1KVFV3cFNPRTlrTUNzNVVUWXlTSGx1ZVN0SFJuZE5WR0kwUVM5TFZUaHRjM052U0haalkyVlRRVUZpZDJaaWVFWkxMeXR6TlRGVWIySnhWVzVQVWxweVQyOVVDbHBxYTFWNVoySjVXRVJUU3prNVdVSmlZMUl4VUdsd09IWjNUVlJ0TkZoTGRVeDBRMmxuWlVKQ1pHcHFRVkZrWjFWUE1qaE1SVTVIYkhOTmJtMWxXV3NLU21aUFJGWkhibFp0Y2pWTWRHSTVRVTVCT0VsTGVWUm1jMjVJU2pScFQwTlRMMUJzVUdKVmFqSnhOMWx1YjFaTWNHOXpWVUpOYkdkVllpOURlV3RZTXdwdFQyOU1ZalI1U2twUmVVRXZhVk5VTmxwNGFVbEZhak0yUkRSNVYxbzFiR2MzV1Vwc0sxVnBhVUpSU0VkRGJsQmtSM2xwY0hGV01EWmxlREJvWlZsWENtTmhhVmM0VEZkYVUxVlJPVE5xVVN0WFZrTklPR2hVTjBSUlR6RmtiWE4yVlcxWWJIRXZTbVZCYkhkUkwxRkpSRUZSUVVKdk5FaG5UVWxJWkUxQ01FY0tRVEZWWkVSblVWZENRbEpqUVZKUGRHaFRORkEwVlRkMlZHWnFRbmxETlRZNVVqZEZOa1JEUW5KUldVUldVakJxUWtsSGJFMUpSMmxuUWxKalFWSlBkQXBvVXpSUU5GVTNkbFJtYWtKNVF6VTJPVkkzUlRaTFJpOXdTREIzWlhwRlRFMUJhMGRCTVZWRlFtaE5RMVpXVFhoRGVrRktRbWRPVmtKQloxUkJhMDVDQ2sxU1dYZEdRVmxFVmxGUlNFVjNNVlJaVnpSblVtNUthR0p0VG5Cak1rNTJUVkpSZDBWbldVUldVVkZMUlhkMFEyTnRSbXRhYld3d1pXMXNkVmw2UlZNS1RVSkJSMEV4VlVWQmVFMUtZa2M1YWxsWGVHOWlNMDR3VFZJd2QwZDNXVXBMYjFwSmFIWmpUa0ZSYTBKR1p6VnBZMjFHYTFGSFVtaGliV1JvVEcxT2RncGlXVWxLUVV4bVVteFhjMGs0V1ZGSVRVRjNSMEV4VldSRmQxRkdUVUZOUWtGbU9IZEVVVmxLUzI5YVNXaDJZMDVCVVVWR1FsRkJSR2RuUlVKQlJ6Wm9DbFU1WmpselRrZ3dMelp2UW1KSFIza3lSVlpWTUZWblNWUlZVVWx5Umxkdk9YSkdhM0pYTldzdldHdEVhbEZ0S3pOc2VtcFVNR2xIVWpSSmVFVXZRVzhLWlZVMmMxRm9kV0UzZDNKWFpVWkZialEzUjB3NU9HeHVRM05LWkVRM2IxcE9hRVp0VVRrMVZHSXZURzVFVldwek5WbHFPV0p5VURCT1YzcFlabGxWTkFwVlN6SmFia2xPU2xKalNuQkNPR2xTUTJGRGVFVTRSR1JqVlVZd1dIRkpSWEUyY0VFeU56SnpibTlNYldsWVRFMTJUbXd6YTFsRlpHMHJhbVUyZG05RUNqVTRVMDVXUlZWemVuUjZVWGxZYlVwRmFFTndkMVpKTUVFMlVVTnFlbGhxSzNGMmNHMTNNMXBhU0drNFNuZFlaV2s0V2xwQ1RGUlRSa0pyYVRoYU4yNEtjMGc1UWtKSU16Z3ZVM3BWYlVGT05GRklVMUI1TVdkcWNXMHdNRTlCUlRoT1lWbEVhMmd2WW5wRk5HUTNiVXhIUjAxWGNDOVhSVE5MVUZOMU9ESklSZ3ByVUdVMldHOVRZbWxNYlM5cmVHc3pNbFF3UFFvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2c9PQoKLSBwYXRoOiAnL2V0Yy9rdWJlcm5ldGVzL2Jvb3RzdHJhcC1rdWJlbGV0LmNvbmYnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBZWEJwVm1WeWMybHZiam9nZGpFS1kyeDFjM1JsY25NNkNpMGdZMngxYzNSbGNqb0tJQ0FnSUdObGNuUnBabWxqWVhSbExXRjFkR2h2Y21sMGVTMWtZWFJoT2lCTVV6QjBURk14UTFKVlpFcFVhVUpFVWxaS1ZWTlZXa3BSTUVaVlVsTXdkRXhUTUhSRGF6RktVMVZTU0ZKRlRrUlJWMlJFV2pCR00xTlZTa0phTUd4RFVWVlNRbFJyU201aE0wWnZZVEpzU0U5WVkzZFJhMFpTWXpCYVFsSkZSVFZVVmxKNlpEQTVVbGRWVWxkVlZrWkZVbGh3UzJWWFNYbFBWRUZMVkVaa1QyRkZlSFZWVkU1cVZqTlNORnBWVWxkbFIxSkVUbGQ0YTFkRmNESlpNR1JXWkVkUmVWWnVjR3RTUlRFd1YxaHJNV0V4Y0ZsWFdGWm9UVEZhY0Zkc2FFdGtSbXhaVlc1Q1dtVlVWbmRaYm5CQ1dsRndSMlI2UWpSVU1GSkNaVlV4UlZKWWFFNWxiRlY1VkZWU2IxbFZXak5OU0d4UVVrVkdORlJZY0VKbFJURTJWbFJLVGxKSGFHaFVWVkYzWlVVNU5sRlVWa05hTURWWFVXdEdUbFpGTVhWVGJscHBUVEZHTUVOc2EzbFNXRlpyVWtkU05GbFVUa2RPUlRWWlVtcENUV0pXV1hoWk1qQTFaREZ3VkUxVVRtRlhSVFIzVkZocmVHRnJlSFJWYlhocllWUldlVnBHWkV0aVIwNTBUVmRvYTFJeWVIRlVSekZ6WkdzeFNsTlZTVXRUVjNCQ1ZHdEtibUV6Um05aE1teElUMWhqZDFGclJsSlNWVnBDVVZVNVJGRldSVFJSVlRGS1UxVktSRm93ZEVSUlZrWkdVVmhCTWxORVdsZE9WRnBwVjFWb01sRXlWalpVUjNSNVdtdHNObFJVWjNoWlozQndZbnBqZGxkdFJqTk1NSGhNVWxoamQxcFZXWEpVUlRFeVRrVlZja3d4UlhaYWExcHZZekJvUkVzeU1XOWFWWGh1VFZWb1dGWldRa2RWUmtweVRrWkNVazlFVm5SUlV6Z3daRWR3Y0dKWGNGUlZSVnBGUTIxek1sVXdiSFJsYTNSSFZFWnNVbG96WkVSYU1tUndWbnBvVDAxdGFGQkxlbXcyWTJ0S1ZsRlZlRXRTYTJSRFRtcFNkbFF5VG1sUmJXOHlVbGhKZGtzd05YTlZSV1JLVFRGS1UxWXhaR3RoVlZaVlZqQlpTMVl4YkVST1IzQnRVMjF3YVZKcVZsRlpibXcxVjBWb2RXTXdaRzFrUms1UFYxWndRMVJFWTNoV2VtUnZUMWR3VFZZelFqVldWbVJNVkVSYVlWZFZSazlrTUZKUVZHcEtVMWx1UVROa1NFSXhaSHBDV1U1bmNISmhlWE4zVVZaYU0xWnVjSEpOZWtGeVZGVTFObUpYV1RGTlNFWXpTekk0TkUxVWFHbGFhM2hXVWtkMGFGUnJNVzFVUmsweVUxUkNNMVZYTUROVmEyUnVTekF4Ymxac1NrVmxWRTVFWkZac2VGcHJiRmhEYkd0NVpXNW5NbGw2WkZGaldIQkhZekZhVjFwcmJIbFpWRUpwVFVoR2FHUkZOWE5OVm1oSllXcG9NRXN3WkU5alYxSnBZVlJKZGxKc1JuRlJNMmh3WWtaU1QyUlhOVEJXUkU0eVpWUktiRlF3YUZKVFZWRkxVVlpHUWxGdE9UVlVXR1JLVmtWR1VGRnRaRTlXYTJoU1QwVktRbHBxYUVaUmEwWk9VVEJHZUZWWVpFVmtNV3hGVm14SmQxWkZSbEpUUXpsRFVWWldNMUZZWkVaUmFUazJVVlUxUTFveWRIaGhSM1J3VW5kdk5XUjZRa05SVmtaNlVtdEdRbFF3VGtKVlZWWkNVMWN4Um1KcmJGbFdhazVGWlZjeFJHTlViSGhWUkdSM1N6TldTMDVVVmpGYWJHaHJZVEZKZVZveWFFVldWbXg1VmtaU2FsVklaSEZWYWtweFZrVm9hRU50YkdGUlUzUnVUMGMwTWxWWVNsWmlNRTVGVG01T05sSjVkSE5oUjBaelRqSm9VVTV1YUd0V00xWlRZV3hvUjFORk9ETlphelV5VG1wT1NtTlZWa2hsYkVwRldqTmpNVm96WkdwalZsWlZWMnRXTW1ReVkwdGFNakUyVG5wVk5XUjVPV2hTYlZsNFZtcEZlV0ZFUm1oYWJFSjBVVlJzUmxKNlZrOWFSV2cwWXpObk5WRlhlRWxMTUZreVpFaHNlbU5JUWxoaFJsVTBWMFZXVWxaVlJreFJNVUp4WW01a1ZtSlZjekJqUVc4eldqTmFWVmR1U1hsbGJtOHdZbTVrYjFkdE9IcFVSR2MxVFVST2VHTklVbXBqVkVaelYycFNVRmRZVGtWaU1XaDJZa1JHTVdWdFJsSlRSR2Q1WlVoc00xcFdUa3hSTUhSWlkwVTVhV0ZZY0d4T1ZtOTNRMjVrZDJKdGNHdFNTRlpKVDBSa05FNUlTVEJVUjNCT1YyNUNNVTB6V2xsT2EzaHhVV3RTVGxWR1pISlRSV2hSVkdwV1FtRlhNSGhUYTNnd1RuazVVMVJHUW01V1NGSnhZekJ3VG1Oc1VrSlZlbVJ2V2pGdlMxcHJkRTFVUkd4U1ZGWkdjMDV1VFhoamEyaExUa1YwY2t3eVZUTlRNR00wVTBWRk1HRkZWazlTVjJoeVQxWnNSVnBzUlRsUVVXOTBURk13ZEV4VlZrOVNRMEpFVWxaS1ZWTlZXa3BSTUVaVlVsTXdkRXhUTUhSRFp6MDlDaUFnSUNCelpYSjJaWEk2SUdoMGRIQnpPaTh2Wm05dkxtSmhjam8yTkRRekNpQWdibUZ0WlRvZ1l3cGpiMjUwWlhoMGN6b0tMU0JqYjI1MFpYaDBPZ29nSUNBZ1kyeDFjM1JsY2pvZ1l3b2dJQ0FnZFhObGNqb2dZd29nSUc1aGJXVTZJR01LWTNWeWNtVnVkQzFqYjI1MFpYaDBPaUJqQ210cGJtUTZJRU52Ym1acFp3cHdjbVZtWlhKbGJtTmxjem9nZTMwS2RYTmxjbk02Q2kwZ2JtRnRaVG9nWXdvZ0lIVnpaWEk2Q2lBZ0lDQjBiMnRsYmpvZ2RHVnpkQzUwWlhOMENnbz0KCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9zeXN0ZW0vc2V0dXAuc2VydmljZScKICBwZXJtaXNzaW9uczogJzA2NDQnCiAgZW5jb2Rpbmc6ICdiNjQnCiAgY29udGVudDogfC0KICAgIFcwbHVjM1JoYkd4ZENsZGhiblJsWkVKNVBXMTFiSFJwTFhWelpYSXVkR0Z5WjJWMENncGJWVzVwZEYwS1VtVnhkV2x5WlhNOWJtVjBkMjl5YXkxdmJteHBibVV1ZEdGeVoyVjBDa0ZtZEdWeVBXNWxkSGR2Y21zdGIyNXNhVzVsTG5SaGNtZGxkQW9LVzFObGNuWnBZMlZkQ2xSNWNHVTliMjVsYzJodmRBcFNaVzFoYVc1QlpuUmxja1Y0YVhROWRISjFaUXBGYm5acGNtOXViV1Z1ZEVacGJHVTlMUzlsZEdNdlpXNTJhWEp2Ym0xbGJuUUtSWGhsWTFOMFlYSjBQUzl2Y0hRdlltbHVMM04xY0dWeWRtbHpaUzV6YUNBdmIzQjBMMkpwYmk5elpYUjFjQW89CgotIHBhdGg6ICcvZXRjL3Byb2ZpbGUuZC9vcHQtYmluLXBhdGguc2gnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBaWGh3YjNKMElGQkJWRWc5SWk5dmNIUXZZbWx1T2lSUVFWUklJZ289CgotIHBhdGg6ICcvZXRjL2t1YmVybmV0ZXMva3ViZWxldC5jb25mJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgWVhCcFZtVnljMmx2YmpvZ2EzVmlaV3hsZEM1amIyNW1hV2N1YXpoekxtbHZMM1l4WW1WMFlURUthMmx1WkRvZ1MzVmlaV3hsZEVOdmJtWnBaM1Z5WVhScGIyNEtZWFYwYUdWdWRHbGpZWFJwYjI0NkNpQWdZVzV2Ym5sdGIzVnpPZ29nSUNBZ1pXNWhZbXhsWkRvZ1ptRnNjMlVLSUNCM1pXSm9iMjlyT2dvZ0lDQWdaVzVoWW14bFpEb2dkSEoxWlFvZ0lIZzFNRGs2Q2lBZ0lDQmpiR2xsYm5SRFFVWnBiR1U2SUM5bGRHTXZhM1ZpWlhKdVpYUmxjeTl3YTJrdlkyRXVZM0owQ21GMWRHaHZjbWw2WVhScGIyNDZDaUFnYlc5a1pUb2dWMlZpYUc5dmF3cGpaM0p2ZFhCRWNtbDJaWEk2SUhONWMzUmxiV1FLWTJ4MWMzUmxja1JPVXpvS0xTQWlNVEF1TUM0d0xqQWlDbU5zZFhOMFpYSkViMjFoYVc0NklHTnNkWE4wWlhJdWJHOWpZV3dLWm1WaGRIVnlaVWRoZEdWek9nb2dJRWR5WVdObFpuVnNUbTlrWlZOb2RYUmtiM2R1T2lCMGNuVmxDaUFnU1dSbGJuUnBabmxRYjJSUFV6b2dabUZzYzJVS2NISnZkR1ZqZEV0bGNtNWxiRVJsWm1GMWJIUnpPaUIwY25WbENuSmxZV1JQYm14NVVHOXlkRG9nTUFweWIzUmhkR1ZEWlhKMGFXWnBZMkYwWlhNNklIUnlkV1VLYzJWeWRtVnlWRXhUUW05dmRITjBjbUZ3T2lCMGNuVmxDbk4wWVhScFkxQnZaRkJoZEdnNklDOWxkR012YTNWaVpYSnVaWFJsY3k5dFlXNXBabVZ6ZEhNS2EzVmlaVkpsYzJWeWRtVmtPZ29nSUdOd2RUb2dNakF3YlFvZ0lHVndhR1Z0WlhKaGJDMXpkRzl5WVdkbE9pQXhSMmtLSUNCdFpXMXZjbms2SURJd01FMXBDbk41YzNSbGJWSmxjMlZ5ZG1Wa09nb2dJR053ZFRvZ01qQXdiUW9nSUdWd2FHVnRaWEpoYkMxemRHOXlZV2RsT2lBeFIya0tJQ0J0WlcxdmNuazZJREl3TUUxcENtVjJhV04wYVc5dVNHRnlaRG9LSUNCcGJXRm5aV1p6TG1GMllXbHNZV0pzWlRvZ01UVWxDaUFnYldWdGIzSjVMbUYyWVdsc1lXSnNaVG9nTVRBd1RXa0tJQ0J1YjJSbFpuTXVZWFpoYVd4aFlteGxPaUF4TUNVS0lDQnViMlJsWm5NdWFXNXZaR1Z6Um5KbFpUb2dOU1VLZEd4elEybHdhR1Z5VTNWcGRHVnpPZ290SUZSTVUxOUJSVk5mTVRJNFgwZERUVjlUU0VFeU5UWUtMU0JVVEZOZlFVVlRYekkxTmw5SFEwMWZVMGhCTXpnMENpMGdWRXhUWDBOSVFVTklRVEl3WDFCUFRGa3hNekExWDFOSVFUSTFOZ290SUZSTVUxOUZRMFJJUlY5RlEwUlRRVjlYU1ZSSVgwRkZVMTh4TWpoZlIwTk5YMU5JUVRJMU5nb3RJRlJNVTE5RlEwUklSVjlGUTBSVFFWOVhTVlJJWDBGRlUxOHlOVFpmUjBOTlgxTklRVE00TkFvdElGUk1VMTlGUTBSSVJWOUZRMFJUUVY5WFNWUklYME5JUVVOSVFUSXdYMUJQVEZreE16QTFDaTBnVkV4VFgwVkRSRWhGWDFKVFFWOVhTVlJJWDBGRlUxOHhNamhmUjBOTlgxTklRVEkxTmdvdElGUk1VMTlGUTBSSVJWOVNVMEZmVjBsVVNGOUJSVk5mTWpVMlgwZERUVjlUU0VFek9EUUtMU0JVVEZOZlJVTkVTRVZmVWxOQlgxZEpWRWhmUTBoQlEwaEJNakJmVUU5TVdURXpNRFVLZG05c2RXMWxVR3gxWjJsdVJHbHlPaUF2ZG1GeUwyeHBZaTlyZFdKbGJHVjBMM1p2YkhWdFpYQnNkV2RwYm5NSwoKLSBwYXRoOiAnL2V0Yy9zeXN0ZW1kL3N5c3RlbS9rdWJlbGV0LWhlYWx0aGNoZWNrLnNlcnZpY2UnCiAgcGVybWlzc2lvbnM6ICcwNjQ0JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBXMVZ1YVhSZENsSmxjWFZwY21WelBXdDFZbVZzWlhRdWMyVnlkbWxqWlFwQlpuUmxjajFyZFdKbGJHVjBMbk5sY25acFkyVUtDbHRUWlhKMmFXTmxYUXBGZUdWalUzUmhjblE5TDI5d2RDOWlhVzR2YUdWaGJIUm9MVzF2Ym1sMGIzSXVjMmdnYTNWaVpXeGxkQW9LVzBsdWMzUmhiR3hkQ2xkaGJuUmxaRUo1UFcxMWJIUnBMWFZ6WlhJdWRHRnlaMlYwQ2c9PQoKLSBwYXRoOiAnL29wdC9kaXNhYmxlLXN3YXAuc2gnCiAgcGVybWlzc2lvbnM6ICcwNzU1JwogIGVuY29kaW5nOiAnYjY0JwogIGNvbnRlbnQ6IHwtCiAgICBJeUV2ZFhOeUwySnBiaTlsYm5ZZ1ltRnphQXB6WlhRZ0xXVjFieUJ3YVhCbFptRnBiQW9LSXlCTllXdGxJSE4xY21VZ2QyVWdZV3gzWVhseklHUnBjMkZpYkdVZ2MzZGhjQ0F0SUU5MGFHVnlkMmx6WlNCMGFHVWdhM1ZpWld4bGRDQjNiMjRuZENCemRHRnlkQ0JoY3lCbWIzSWdjMjl0WlNCamJHOTFaQW9qSUhCeWIzWnBaR1Z5Y3lCemQyRndJR2RsZEhNZ1pXNWhZbXhsWkNCdmJpQnlaV0p2YjNRZ2IzSWdZV1owWlhJZ2RHaGxJSE5sZEhWd0lITmpjbWx3ZENCb1lYTWdabWx1YVhOb1pXUWdaWGhsWTNWMGFXNW5MZ3B6WldRZ0xXa3ViM0pwWnlBbkx5NHFjM2RoY0M0cUwyUW5JQzlsZEdNdlpuTjBZV0lLYzNkaGNHOW1aaUF0WVFvPQoKLSBwYXRoOiAnL2V0Yy9zeXN0ZW1kL3N5c3RlbS9jb250YWluZXJkLnNlcnZpY2UuZC9lbnZpcm9ubWVudC5jb25mJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBjb250ZW50OiB8LQogICAgW1NlcnZpY2VdCiAgICBSZXN0YXJ0PWFsd2F5cwogICAgRW52aXJvbm1lbnRGaWxlPS0vZXRjL2Vudmlyb25tZW50CiAgICAKCi0gcGF0aDogJy9ldGMvc3lzdGVtZC9zeXN0ZW0vZG9ja2VyLnNlcnZpY2UuZC9lbnZpcm9ubWVudC5jb25mJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBjb250ZW50OiB8LQogICAgW1NlcnZpY2VdCiAgICBSZXN0YXJ0PWFsd2F5cwogICAgRW52aXJvbm1lbnRGaWxlPS0vZXRjL2Vudmlyb25tZW50CiAgICAKCi0gcGF0aDogJy9ldGMvZG9ja2VyL2RhZW1vbi5qc29uJwogIHBlcm1pc3Npb25zOiAnMDY0NCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgZXlKbGVHVmpMVzl3ZEhNaU9sc2libUYwYVhabExtTm5jbTkxY0dSeWFYWmxjajF6ZVhOMFpXMWtJbDBzSW5OMGIzSmhaMlV0WkhKcGRtVnlJam9pYjNabGNteGhlVElpTENKc2IyY3RaSEpwZG1WeUlqb2lhbk52YmkxbWFXeGxJaXdpYkc5bkxXOXdkSE1pT25zaWJXRjRMV1pwYkdVaU9pSTFJaXdpYldGNExYTnBlbVVpT2lJeE1EQnRJbjBzSW1sdWMyVmpkWEpsTFhKbFoybHpkSEpwWlhNaU9sc2lNVGt5TGpFMk9DNHhNREF1TVRBd09qVXdNREFpTENJeE1DNHdMakF1TVRvMU1EQXdJbDBzSW5KbFoybHpkSEo1TFcxcGNuSnZjbk1pT2xzaWFIUjBjSE02THk5eVpXZHBjM1J5ZVM1a2IyTnJaWEl0WTI0dVkyOXRJbDE5CgotIHBhdGg6ICcvcm9vdC8uZG9ja2VyL2NvbmZpZy5qc29uJwogIHBlcm1pc3Npb25zOiAnMDYwMCcKICBlbmNvZGluZzogJ2I2NCcKICBjb250ZW50OiB8LQogICAgCg== +immutable: true +kind: Secret +metadata: + annotations: + k8c.io/machine-deployment-revision: "1" + creationTimestamp: null + name: ubuntu-aws-kube-system-provisioning-config + namespace: cloud-init-settings + resourceVersion: "1" +type: Opaque diff --git a/pkg/crd/osm/v1alpha1/operatingsystemconfig_types.go b/pkg/crd/osm/v1alpha1/operatingsystemconfig_types.go index 792f8b9d..fc623d71 100644 --- a/pkg/crd/osm/v1alpha1/operatingsystemconfig_types.go +++ b/pkg/crd/osm/v1alpha1/operatingsystemconfig_types.go @@ -30,6 +30,7 @@ const ( //+genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:shortName=osc // OperatingSystemConfig is the object that represents the OperatingSystemConfig type OperatingSystemConfig struct { diff --git a/pkg/crd/osm/v1alpha1/operatingsystemprofile_types.go b/pkg/crd/osm/v1alpha1/operatingsystemprofile_types.go index 657517dd..e09f2c48 100644 --- a/pkg/crd/osm/v1alpha1/operatingsystemprofile_types.go +++ b/pkg/crd/osm/v1alpha1/operatingsystemprofile_types.go @@ -30,6 +30,7 @@ const ( //+genclient // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:resource:shortName=osp // OperatingSystemProfile is the object that represents the OperatingSystemProfile type OperatingSystemProfile struct {